Subject: [Snort-users] Tcpdump logging
From: Gregor Binder (gbinder@sysfive.com)
Date: Tue Nov 14 2000 - 17:12:26 CST
- Next message: Daniel Harrison: "Re: [Snort-users] kyxspam: red vs. blue"
- Previous message: Dragos Ruiu: "[Snort-users] kyxspam: red vs. blue"
- Next in thread: Robert E. Leever: "Re: [Snort-users] Tcpdump logging"
- Reply: Robert E. Leever: "Re: [Snort-users] Tcpdump logging"
- Reply: Martin Roesch: "Re: [Snort-users] Tcpdump logging"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
it would be great to have a -w option in snort that does basically the
same thing as in tcpdump. This would be an excellent way to use snort
for real-time alerts and as a shadow sensor on the same box with the
least overhead.
I have been playing with the tcpdump output plugin, but (AFAIK) there is
no way to log everything that tcpdump would see, and it doesn't
integrate as seamlessly as it could into the shadow scripts.
Anybody here trying to achieve the same thing? Comments? Other ideas?
Greetings,
Gregor.
--
Gregor Binder <gbinder@sysfive.com> http://www.sysfive.com/~gbinder/
sysfive.com GmbH UNIX. Networking. Security. Applications.
Gaertnerstrasse 125b, 20253 Hamburg, Germany TEL +49-40-63647482

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users
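The post asks for a snort `-w` that behaves like tcpdump's, i.e. writes a libpcap savefile that a shadow sensor can pick up unchanged. The block below is an added example, not code from Gregor's message or from Snort or tcpdump: a small Python writer and reader for that savefile format, so the "log everything tcpdump would see" requirement can be checked byte for byte. The two Ethernet/IPv4/UDP frames are constructed for the demo, and the `snaplen` argument shows the one place where "everything" quietly becomes "the first N bytes": a record stores `incl_len` bytes but records the true `orig_len`, so a sensor meant for full-packet evidence needs a snaplen at least as large as the biggest frame on the wire.

```python
import struct
from io import BytesIO

# libpcap savefile constants (the format written by "tcpdump -w")
PCAP_MAGIC_USEC = 0xA1B2C3D4      # seconds + microseconds timestamps
LINKTYPE_ETHERNET = 1
DEFAULT_SNAPLEN = 65535

# 24-byte file header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
GLOBAL_HDR = struct.Struct("<IHHiIII")
# 16-byte record header: ts_sec, ts_usec, incl_len (stored), orig_len (on the wire)
RECORD_HDR = struct.Struct("<IIII")


def global_header(snaplen=DEFAULT_SNAPLEN, linktype=LINKTYPE_ETHERNET):
    """File header in version 2.4 layout, which every libpcap reader accepts."""
    return GLOBAL_HDR.pack(PCAP_MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype)


def record(ts, frame, snaplen=DEFAULT_SNAPLEN):
    """One packet record; the frame is cut at snaplen but orig_len keeps the real size."""
    sec = int(ts)
    usec = int(round((ts - sec) * 1_000_000))
    stored = frame[:snaplen]
    return RECORD_HDR.pack(sec, usec, len(stored), len(frame)) + stored


def write_pcap(packets, snaplen=DEFAULT_SNAPLEN):
    """Serialise (timestamp, frame) pairs into a complete savefile and return the bytes."""
    out = BytesIO()
    out.write(global_header(snaplen))
    for ts, frame in packets:
        out.write(record(ts, frame, snaplen))
    return out.getvalue()


def read_pcap(data):
    """Parse a savefile in either byte order.

    Returns (snaplen, linktype, [(timestamp, orig_len, stored_frame), ...]).
    """
    if struct.unpack_from("<I", data, 0)[0] == PCAP_MAGIC_USEC:
        endian = "<"
    elif struct.unpack_from(">I", data, 0)[0] == PCAP_MAGIC_USEC:
        endian = ">"
    else:
        raise ValueError("not a libpcap savefile (bad magic)")
    ghdr = struct.Struct(endian + "IHHiIII")
    rhdr = struct.Struct(endian + "IIII")
    _, _major, _minor, _, _, snaplen, linktype = ghdr.unpack_from(data, 0)
    off = ghdr.size
    packets = []
    while off + rhdr.size <= len(data):
        sec, usec, incl_len, orig_len = rhdr.unpack_from(data, off)
        off += rhdr.size
        # A stored length above snaplen, or running past EOF, means a corrupt or cut file.
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("truncated or corrupt record at offset %d" % off)
        packets.append((sec + usec / 1_000_000, orig_len, data[off:off + incl_len]))
        off += incl_len
    return snaplen, linktype, packets


def sample_frames():
    """Two constructed Ethernet/IPv4/UDP frames (not captured traffic), 42 and 242 bytes."""
    eth = bytes.fromhex("000000000001" "000000000002" "0800")          # dst, src, type IPv4
    ip = bytes.fromhex("4500001c0001000040110000" "0a000001" "0a000002")  # 20-byte IPv4 header
    udp = bytes.fromhex("0035c000" "0008" "0000")                       # 8-byte UDP header
    small = eth + ip + udp
    large = eth + ip + udp + b"A" * 200     # padded so it exceeds a short snaplen
    return [(974246000.0, small), (974246000.5, large)]


def roundtrip(snaplen=DEFAULT_SNAPLEN):
    """Write the sample frames, parse them back, return [(orig_len, stored_len), ...]."""
    _snap, _linktype, pkts = read_pcap(write_pcap(sample_frames(), snaplen))
    return [(orig_len, len(frame)) for _ts, orig_len, frame in pkts]


if __name__ == "__main__":
    print(roundtrip())      # full frames kept: [(42, 42), (242, 242)]
    print(roundtrip(96))    # second frame truncated: [(42, 42), (242, 96)]
```

Comparing `orig_len` against the stored length, as `roundtrip` does, is a cheap sanity check to run over any sensor's output: if the two ever differ, the capture is not the "everything tcpdump would see" record the shadow workflow assumes.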