Snort mailing list archives
full tcpdump logging with alerts
From: Ryan.Oliver () pha com au
Date: Mon, 13 Aug 2001 18:44:53 +1000
Greetings all,

I was wondering if it was possible to run snort logging ALL traffic to a tcpdump file (not just alerts), while logging alerts etc. to a database/syslog in real time.

I have my snort.conf file set up for output plugins as such:

output alert_syslog: LOG_AUTH LOG_ALERT
output log_tcpdump: snort.log
output database: log, mysql, user=snort password=xxxxxxxxx dbname=snort host=xxxxxxxx

The reasoning behind wanting to keep full tcpdump logfiles is to be able to replay whole sessions when anything unusual happens. I am trying to avoid running both snort and tcpdump together at once...

Any ideas appreciated.

Best regards,
Ryan Oliver
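Added example, not part of the original message or of Snort itself: a small Python reader that takes a libpcap-format file such as the one log_tcpdump writes and groups its TCP packets into bidirectional sessions, which is the "replay the whole session" step the poster wants once an alert has fired. It assumes little-endian libpcap with Ethernet framing and IPv4 (the usual case for a snort.log capture), and builds its own sample capture inline.

```python
import socket
import struct

def build_tcp_frame(src, sport, dst, dport, flags, payload=b""):
    """Construct an Ethernet/IPv4/TCP frame for the sample capture (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                    # dst MAC, src MAC, ethertype IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Wrap frames in a libpcap file: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out

SYN, SYN_ACK, ACK = 0x02, 0x12, 0x10
# Constructed sample: one HTTP conversation plus an unrelated SSH SYN from another host.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("10.0.0.5", 40000, "10.0.0.8", 80, SYN),
    build_tcp_frame("10.0.0.8", 80, "10.0.0.5", 40000, SYN_ACK),
    build_tcp_frame("10.0.0.5", 40000, "10.0.0.8", 80, ACK, b"GET / HTTP/1.0\r\n\r\n"),
    build_tcp_frame("10.0.0.9", 53000, "10.0.0.8", 22, SYN),
])

def tcp_sessions(pcap_bytes):
    """Return {(endpoint_a, endpoint_b): [(ts, src, dst, flags, payload), ...]} for every TCP flow."""
    if struct.unpack_from("<I", pcap_bytes, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian libpcap file")
    sessions, off = {}, 24
    while off + 16 <= len(pcap_bytes):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", pcap_bytes, off)
        frame = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:   # skip non-IPv4 and non-TCP frames
            continue
        ihl = (frame[14] & 0x0F) * 4
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        tcp = frame[14 + ihl:]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        data_off, flags = (tcp[12] >> 4) * 4, tcp[13]
        a, b = (src, sport), (dst, dport)
        key = tuple(sorted([a, b]))          # same key for both directions of the flow
        sessions.setdefault(key, []).append((ts_sec + ts_usec / 1e6, a, b, flags, tcp[data_off:]))
    return sessions

if __name__ == "__main__":
    for key, pkts in tcp_sessions(SAMPLE_PCAP).items():
        print(key, len(pkts), "packets", sum(len(p[4]) for p in pkts), "payload bytes")
```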