Snort mailing list archives
alert tcpdump log file per signature ID
From: Ron H via Snort-devel <snort-devel () lists snort org>
Date: Tue, 20 Mar 2018 15:45:07 +0200
Hello,

We use Unified2 packet logging to log our Snort rules. The Unified2 log rotates every X MB by definition. Our system converts this Unified2 log to a pcap file by SigID and sends it to the IDS. The problem is that Unified2 logs can cut sessions in the middle, before they have ended, because of the log rotation. We are interested in reducing this issue. We would like to know how we can resolve this issue. One solution we are thinking of is writing the Unified2/pcap log by SignatureID. Is that possible?

Thanks!
Current thread:
- alert tcpdump log file per signature ID Ron H via Snort-devel (Mar 20)
- Re: alert tcpdump log file per signature ID Russ via Snort-devel (Mar 20)