[Oisf-users] Best way to GET packet content and send it by email

Alan Wanderley dos Santos alan.santos at rnp.br
Mon Dec 28 13:40:17 UTC 2015


Hi all,

I use a script to grab each event from fast.log. For each event, the script sends an email with the event data (just the line from fast.log). How can I get packet data in human-readable form and send it in this same email? I tried using pcap.log (and tcpdump to read it), but there is no kind of identification with which I can connect an event to specific packet data. I thought of using the time, but that is not an effective way to do this (there can be 2 or N events at the same time). Another option is to match every attribute from the event to the packet data (ip_source, ip_dest, port_source, port_dest, protocol, time, etc.). But I think that isn't the best way to do the job.

Can you help me, guys?

Best Regards,

-----------------------------------------------
Alan Santos
Security Analyst
Centro de Atendimento a Incidentes de Segurança (CAIS)
Rede Nacional de Ensino e Pesquisa (RNP)
(19) 3787-3314 | alan.santos at rnp.br
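
The attribute-matching option described in the message above, as an added example that is not part of the original post: it parses a fast.log line into a timestamp and 5-tuple, then selects the packets in a capture that share that 5-tuple within a small time window and renders their payloads as printable text for an email body. The function names are hypothetical, and the code assumes a classic little-endian pcap file with Ethernet framing, IPv4 TCP/UDP traffic only, and a sensor timezone supplied by the caller.

```python
import re, socket, struct
from datetime import datetime, timezone

# Constructed sample in fast.log layout (addresses are documentation ranges).
SAMPLE = ("12/28/2015-13:40:17.250000  [**] [1:1000001:1] Constructed test rule [**] "
          "[Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:40000 -> 198.51.100.7:80")
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d{4}-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[\d+:\d+:\d+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$")
PROTO = {"TCP": 6, "UDP": 17}

def parse_fast_line(line, tz=timezone.utc):
    """Return the event's epoch time, 5-tuple and message, or None if unparsable."""
    m = FAST_RE.match(line)
    if not m or m["proto"] not in PROTO:
        return None
    # Assumption: the sensor clock is in `tz`; fast.log carries no zone marker.
    ts = datetime.strptime(m["ts"], "%m/%d/%Y-%H:%M:%S.%f").replace(tzinfo=tz)
    key = (PROTO[m["proto"]], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
    return {"epoch": ts.timestamp(), "key": key, "msg": m["msg"]}

def iter_pcap(data):
    """Yield (epoch, 5-tuple, payload) for each IPv4 TCP/UDP packet in the capture."""
    if len(data) < 24 or struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap file")
    off = 24                                        # skip the global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                # not IPv4 over Ethernet
        l4 = 14 + (frame[14] & 0x0F) * 4            # start of TCP/UDP header
        proto = frame[23]
        if proto not in (6, 17) or len(frame) < l4 + (20 if proto == 6 else 8):
            continue
        sport, dport = struct.unpack_from("!HH", frame, l4)
        hdr = (frame[l4 + 12] >> 4) * 4 if proto == 6 else 8
        end = 14 + struct.unpack_from("!H", frame, 16)[0]   # drop Ethernet padding
        key = (proto, socket.inet_ntoa(frame[26:30]), sport,
               socket.inet_ntoa(frame[30:34]), dport)
        yield sec + usec / 1e6, key, frame[l4 + hdr:end]

def packets_for_event(event, pcap_bytes, window=1.0):
    """Printable payloads sharing the alert's 5-tuple within `window` seconds."""
    return ["".join(chr(b) if 32 <= b < 127 else "." for b in payload)
            for t, key, payload in iter_pcap(pcap_bytes)
            if key == event["key"] and abs(t - event["epoch"]) <= window]
```

Matching on the 5-tuple as well as the time keeps two alerts logged in the same second apart, as long as they belong to different flows.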

