Snort mailing list archives

I want to dump full packets, but just for one rule

From: "james" <the_saint_james () yahoo com>
Date: Wed, 26 Dec 2001 16:11:59 -0700

 I am running in this mode : snort -A full -D. I want to dump full packets
when they match one specific rule. I assume you change this rule from alert
to log.  Anything else ?
 
 
 
 
 
 



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: SNORT DROPPING PACKETS, (continued)
- - Re: SNORT DROPPING PACKETS Chris Green (Dec 23)
  - Re: SNORT DROPPING PACKETS Phil Wood (Dec 23)
    - Incident Identification Frank Reid (Dec 23)
    - Re: Incident Identification Phil Wood (Dec 23)
    - same SRC/DST James (Dec 24)
    - Re: same SRC/DST Kyle R Maxwell (Dec 25)
    - Re: same SRC/DST James (Dec 25)
    - Re: same SRC/DST Ashley Thomas (Dec 25)
    - Re: Incident Identification (data in TCP syn packet) Matt Kettler (Dec 26)
    - Re: Incident Identification (data in TCP syn packet) james (Dec 26)
    - I want to dump full packets, but just for one rule james (Dec 26)
- RE: SNORT DROPPING PACKETS Crow, Owen (Dec 23)
  - Re: SNORT DROPPING PACKETS Phil Wood (Dec 23)