Snort mailing list archives
Snort /var/log/snort/tcpdump<>
From: amN0P () me com
Date: Tue, 27 Dec 2011 03:52:10 +0000 (GMT)
Hi everyone, I am sending Snort alerts to a central syslog server. If I want more insight, I go to the /var/log/snort/tcpdumpxxx pcap files to learn what triggered the alert. Many times I don't see an equivalent pcap log for a syslog alert. What do these tcpdump pcaps contain and not contain? Do they have full packet dumps of all alerts triggered from the rules file but not from so rules? Can someone please clarify? Thanks. -Ams
Current thread:
- Snort /var/log/snort/tcpdump<> amN0P (Dec 26)
- Re: Snort /var/log/snort/tcpdump<> Eoin Miller (Dec 26)
- Re: Snort /var/log/snort/tcpdump<> Amit B (Dec 27)
- Re: Snort /var/log/snort/tcpdump<> Eoin Miller (Dec 26)