Hello World. This is my first post.
I have recently been looking for a way to get the information for one specific attack from the snort dump file. So far, I haven't found it. :/
For example, my snort is configured to gather packets in snort_tcpdump.log and alerts in alert.log. When I see an alert in alert.log, I need to get the packets from snort_tcpdump.log related to this alert. Can someone help me? Is there any way to do this?
For example, I need a system very similar to the one present on the Honeywall CDROM (Honeynet Project). In this tool it is possible to visualize the occurrences of alerts. By clicking on an alert we can choose a 'decode packets' option that shows exactly the packets of this alert.
Is there an option like this in snort or tcpdump? I think this operation is performed by a set of Perl scripts in the Honeywall tool.
Thanks to all.
:)
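An added example (not from the original post, and not Snort's or Honeywall's own code) showing one way to do what the post asks for with nothing but the Python standard library: parse the one-line alerts Snort writes with `-A fast`, then walk the tcpdump-format packet log and keep the packets whose protocol, addresses and ports match the alert in either direction, optionally writing just those packets to a new pcap so tcpdump or Wireshark can decode them. It assumes the packet log is a classic pcap with an Ethernet link type and IPv4 traffic; the alert lines, rule SIDs, addresses and the capture itself are constructed sample data, and the function and variable names are the example's own.

```python
import re
import socket
import struct
from collections import namedtuple

# Constructed sample alert.log content in Snort's "fast" alert format (-A fast);
# the rule SIDs, messages and addresses are hypothetical.
ALERT_LOG = """\
08/10-14:23:01.123456 [**] [1:1000001:1] HYPOTHETICAL web probe [**] [Priority: 2] {TCP} 10.0.0.5:44321 -> 192.168.1.10:80
08/10-14:23:05.000000 [**] [1:1000002:1] HYPOTHETICAL dns query [**] [Priority: 3] {UDP} 10.0.0.7:5353 -> 192.168.1.53:53
"""
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$")
PROTO_NUM = {"TCP": 6, "UDP": 17, "ICMP": 1}
Alert = namedtuple("Alert", "ts sid msg proto src sport dst dport")
Flow = namedtuple("Flow", "proto src sport dst dport")

def parse_alerts(text):
    # One Alert per fast-format line; ports are None for port-less protocols such as ICMP.
    out, port = [], (lambda v: None if v is None else int(v))
    for m in filter(None, map(ALERT_RE.match, text.splitlines())):
        out.append(Alert(m["ts"], m["sid"], m["msg"], m["proto"].upper(),
                         m["src"], port(m["sport"]), m["dst"], port(m["dport"])))
    return out

def iter_pcap(data):
    # Yield (index, timestamp, frame) from a classic pcap; Ethernet link type (1) only.
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[struct.unpack_from("<I", data, 0)[0]]
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("only DLT_EN10MB captures are handled here")
    off, idx = 24, 0
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield idx, sec + usec / 1e6, data[off:off + incl]
        off, idx = off + incl, idx + 1

def decode_flow(frame):
    # Proto/addresses/ports of an Ethernet+IPv4 frame, or None if it is not IPv4.
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    sport = dport = None
    if proto in (6, 17) and len(ip) >= ihl + 4:       # TCP/UDP: ports are the first 4 bytes
        sport, dport = struct.unpack_from(">HH", ip, ihl)
    return Flow(proto, socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport)

def flow_matches(alert, flow):
    # A packet belongs to the alert if its 5-tuple equals the alert's in either direction.
    if flow is None or flow.proto != PROTO_NUM.get(alert.proto):
        return False
    seen = (flow.src, flow.sport, flow.dst, flow.dport)
    if alert.sport is None:                             # port-less alert: addresses only
        seen = (flow.src, None, flow.dst, None)
    return seen in ((alert.src, alert.sport, alert.dst, alert.dport),
                    (alert.dst, alert.dport, alert.src, alert.sport))

def packets_for_alert(pcap, alert):
    # Indices of the packets in the capture that belong to the alert's conversation.
    return [i for i, _ts, f in iter_pcap(pcap) if flow_matches(alert, decode_flow(f))]

def write_pcap(records):
    # Classic little-endian Ethernet pcap from (timestamp, frame) pairs.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in records:
        out += struct.pack("<IIII", int(ts), int(round((ts % 1) * 1e6)), len(f), len(f)) + f
    return out

def extract_to_pcap(pcap, alert):
    # The alert's packets only, as a new pcap to open in tcpdump/Wireshark ("decode packets").
    keep = set(packets_for_alert(pcap, alert))
    return write_pcap([(ts, f) for i, ts, f in iter_pcap(pcap) if i in keep])

def build_frame(proto, src, sport, dst, dport, payload=b""):
    # Minimal Ethernet/IPv4/TCP-or-UDP frame for the constructed sample capture (checksums zero).
    if proto == 6:   # TCP: ports, seq, ack, data offset 5, SYN, window, checksum, urgent
        l4 = struct.pack(">HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0) + payload
    else:            # UDP: ports, length, checksum
        l4 = struct.pack(">HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes.fromhex("001122334455 66778899aabb 0800") + ip + l4

# Constructed sample snort_tcpdump.log: the two alerted conversations plus one unrelated flow.
SAMPLE_PCAP = write_pcap([
    (1691677381.12, build_frame(6, "10.0.0.5", 44321, "192.168.1.10", 80)),          # 0 probe SYN
    (1691677381.13, build_frame(6, "192.168.1.10", 80, "10.0.0.5", 44321)),          # 1 SYN/ACK
    (1691677385.00, build_frame(17, "10.0.0.7", 5353, "192.168.1.53", 53, b"q")),    # 2 DNS query
    (1691677386.00, build_frame(6, "10.0.0.9", 50000, "192.168.1.10", 80)),          # 3 unrelated
    (1691677386.20, build_frame(17, "192.168.1.53", 53, "10.0.0.7", 5353, b"r")),    # 4 DNS reply
])

if __name__ == "__main__":
    for a in parse_alerts(ALERT_LOG):
        print(f"[{a.sid}] {a.msg}: packets {packets_for_alert(SAMPLE_PCAP, a)}")
```

On real files, read snort_tcpdump.log as bytes and alert.log as text, pick the alert, and write the result of extract_to_pcap() to a file that tcpdump -r or Wireshark can decode. Two caveats: matching on the 5-tuple alone also returns every other packet of the same connection, not only the one that fired the rule, and Snort's fast-format timestamp carries no year, so narrowing by time additionally needs the capture's date.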