[Oisf-users] Best way to GET packet content and sent it by email

Andreas Herz andi at geekosphere.org
Mon Dec 28 20:41:53 UTC 2015


Hi Alan,

On 28/12/15 at 11:40, Alan Wanderley dos Santos wrote:
> Hi all,
> 
> I use a script to grab each event from fast.log. For each event, the
> script sends an email with the event data (just the line from fast.log).
> How can I get packet data in human-readable form and send it in this
> same email? I tried to use pcap.log (and tcpdump to read it), but there
> is no kind of identification with which I can connect an event to a
> specific packet's data. I thought of using the time, but that is not an
> effective way to do this (there can be 2 or N events at the same time).
> Another option is to match every attribute from the event to the package
> data (ip_source, ip_dest, port_source, port_dest, protocol, time, etc.).
> But I think that isn't the best way to do the job.
> 
> Can you help me, guys?

You could try alert-debug.log and see whether its content (human-readable)
meets your needs and also contains the relevant event info.

-- 
Andreas Herz
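
The attribute-matching option raised in the question, as an added example that is not part of the original thread: it parses fast.log lines into fields and builds a tcpdump filter expression per event, so two alerts with the same timestamp still map to different packets in pcap.log. The sample lines, SIDs and addresses are constructed, the function names are hypothetical, and the regex assumes the default fast.log line layout.

```python
import re
from collections import defaultdict

# Assumed default fast.log layout:
# ts  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src:sp -> dst:dp
FAST_RE = re.compile(
    r'^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+'
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+'
    r'\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*(?P<prio>\d+)\]\s+'
    r'\{(?P<proto>[^}]+)\}\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+'
    r'(?P<dst>\S+):(?P<dport>\d+)\s*$'
)

# Constructed sample: two alerts sharing one timestamp but on different flows.
SAMPLE = """\
12/28/2015-11:40:01.000123  [**] [1:1000001:1] EXAMPLE rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:51234 -> 198.51.100.5:80
12/28/2015-11:40:01.000123  [**] [1:1000002:1] EXAMPLE rule B [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.0.2.11:5353 -> 198.51.100.6:53
"""

def parse_fast_line(line):
    """Return the alert fields as a dict, or None if the line does not match."""
    m = FAST_RE.match(line.strip())
    return m.groupdict() if m else None

def flow_key(ev):
    """Timestamp plus 5-tuple: the attributes the question proposes matching on."""
    return (ev["ts"], ev["proto"], ev["src"], ev["sport"], ev["dst"], ev["dport"])

def bpf_filter(ev):
    """Build a tcpdump filter expression that selects the alerted flow direction."""
    proto = ev["proto"].lower()
    expr = [f"src host {ev['src']}", f"dst host {ev['dst']}"]
    if proto in ("tcp", "udp"):  # port fields are only real ports for TCP/UDP
        expr = [proto, f"src host {ev['src']}", f"src port {ev['sport']}",
                f"dst host {ev['dst']}", f"dst port {ev['dport']}"]
    return " and ".join(expr)

def events_by_timestamp(lines):
    """Group parsed alerts by timestamp to expose same-time collisions."""
    groups = defaultdict(list)
    for line in lines:
        ev = parse_fast_line(line)
        if ev:
            groups[ev["ts"]].append(ev)
    return groups

if __name__ == "__main__":
    for ts, evs in events_by_timestamp(SAMPLE.splitlines()).items():
        for ev in evs:
            print(ts, ev["sid"], "->", bpf_filter(ev))
```

The returned expression can be passed to tcpdump when reading the pcap.log file, narrowing the output to the flow named in the alert.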


