Snort mailing list archives
Showing triggered pcap file name in output alert
From: Hassan Faizan <hassanfaizan () ebryx com>
Date: Wed, 9 Dec 2015 12:26:25 +0500
Hi,

Actually, I am processing multiple pcaps by recursing a directory to look for the pcaps through the following command:

    snort -c snort.conf -l ../alert --pcap-dir <dir_path> -q -A console --pcap-show

This command shows the pcap going to be processed. What I want is to have output in such a way that if a pcap got triggered I get its name in a separate alert file. I mean that the format should be similar to the following:

    Triggered stream <-------> pcap file name.

Till now I just get the output in the console, showing both the triggered and non-triggered pcaps. But the output file I am generating is just showing the triggered stream, not showing which pcap causes this. I want the file name to be shown in the output file along with the triggered stream. So is there any command line for this?

Highly appreciated.

Thanks

--
Syed Hassan Faizan
Malware Researcher
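One way to get the "triggered stream <-------> pcap file name" pairing asked for above is to post-process the console output of the command in the post. This is an added example, not part of the original message and not Snort's own code. It assumes `--pcap-show` prints a `Reading network traffic from "<file>"` banner before each pcap and that alerts use the `-A console` line format; the function names and sample lines are constructed for illustration.

```python
import re
import sys

# Assumption: banner text printed by --pcap-show before each file is read.
PCAP_BANNER = re.compile(r'^Reading network traffic from "(?P<pcap>[^"]+)"')
# "-A console" alert lines carry the "[**] [gid:sid:rev]" marker.
ALERT_LINE = re.compile(r"\[\*\*\]\s+\[\d+:\d+:\d+\]")

# Constructed sample of console output (not captured from a real run).
SAMPLE = [
    'Reading network traffic from "pcaps/clean.pcap" with snaplen = 1514',
    'Reading network traffic from "pcaps/sample_a.pcap" with snaplen = 1514',
    "12/09-12:26:25.000001  [**] [1:1000001:1] Constructed rule A [**] "
    "[Priority: 0] {TCP} 192.0.2.10:49152 -> 198.51.100.5:80",
    'Reading network traffic from "pcaps/sample_b.pcap" with snaplen = 1514',
    "12/09-12:26:26.000002  [**] [1:1000002:1] Constructed rule B [**] "
    "[Priority: 0] {UDP} 192.0.2.11:5353 -> 198.51.100.6:53",
    "12/09-12:26:26.000003  [**] [1:1000001:1] Constructed rule A [**] "
    "[Priority: 0] {TCP} 192.0.2.11:49153 -> 198.51.100.5:80",
]

def tag_alerts(console_lines):
    """Pair each alert line with the pcap named by the last banner seen."""
    current = None
    pairs = []
    for raw in console_lines:
        line = raw.strip()
        banner = PCAP_BANNER.match(line)
        if banner:
            current = banner.group("pcap")
        elif ALERT_LINE.search(line):
            pairs.append((line, current or "<unknown pcap>"))
    return pairs

def format_pairs(pairs):
    """Render pairs in the 'alert <-------> pcap' layout from the post."""
    return [f"{alert} <-------> {pcap}" for alert, pcap in pairs]

def triggered_pcaps(pairs):
    """Unique pcap names that produced at least one alert, in first-seen order."""
    return list(dict.fromkeys(pcap for _, pcap in pairs))

if __name__ == "__main__":
    # Pipe Snort's console output in; with no pipe, run on the constructed sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for row in format_pairs(tag_alerts(source)):
        print(row)
```

Redirect both output streams of the Snort run into the script (`2>&1`) so banners and alerts keep their relative order, and redirect the script's output to the separate alert file.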