[Snort-users] Showing triggered pcap file name in output alert

Hassan Faizan hassanfaizan at ...17373...
Wed Dec 9 02:26:25 EST 2015


HI:

Actually, I am processing multiple pcaps by recurisng directory to look for
the pcaps through the following command

                                               * snort -c snort.conf -l
../alert --pcap-dir <dir_path> -q -A console --pcap-show*

This command shows pcap going to be processed. What I want to have an
output in such a way that if a pcap got triggered I get its name in a
separate alert file. I mean that format should be similar to the following:

                                                    *Triggered stream
<-------> pcap file name.*

Till now I just get the output in a console, showing both the triggered and
non-triggered pcaps. But the output file i am generating is just showing
the triggered stream, not showing which pcap causes this. I want the file
name to be shown in the output file along with triggered stream.

So is there any command line for this.

Highly Appreciated

Thanks




-- 
*Syed Hassan Faizan*
*Malware Researcher*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20151209/b3c811b9/attachment.html>


More information about the Snort-users mailing list