[Oisf-users] Best way to GET packet content and sent it by email

Jason Ish lists at unx.ca
Tue Dec 29 16:48:02 UTC 2015


On Mon, Dec 28, 2015 at 7:40 AM, Alan Wanderley dos Santos
<alan.santos at rnp.br> wrote:
> Hi all,
>
> I use a script to grab each event from fast.log. For each event, the script sends an email with the event data (just the line from fast.log). How can I get packet data in human-readable form and send it in this same email? I tried using pcap.log (and tcpdump to read it), but there isn't any kind of identification by which I can connect an event with specific packet data. I thought of using the time, but that is not an effective way to do this (there can be 2 or N events at the same time). Another option is to match every attribute from the event to the packet data (ip_source, ip_dest, port_source, port_dest, protocol, time, etc.). But I think that isn't the best way to do the job.
>
> Can you help me, guys?

I'd look at the eve.log instead of the fast.log. It gives you the
option to include the payload (a little different from the packet,
usually more useful) in a printable format. It's also JSON, so
depending on what you are using for your script, it may be more useful
as well.

Jason
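As an added illustration of the approach Jason suggests (this is example code written for this page, not a script from the thread or from the Suricata project): the alert records in eve.json are self-contained, so the summary line and the payload come from the same record and no matching against pcap.log by timestamp or 5-tuple is needed. It assumes the eve-log alert output in suricata.yaml has `payload: yes` (base64) and `payload-printable: yes` enabled; the eve lines, signature IDs, addresses and mail addresses below are constructed for the example. When the printable view is absent the script falls back to a hexdump of the base64 payload, and non-alert records (e.g. flow events) are skipped.

```python
import base64
import json
from datetime import datetime
from email.message import EmailMessage
from typing import Iterable, Iterator

# Constructed sample eve.json lines (not real traffic, not from the thread).
# Both alerts fall in the same second, which is the case where matching
# fast.log to pcap.log by time alone is ambiguous; each eve record already
# carries its own payload, so nothing has to be cross-referenced.
# "payload" is what Suricata writes with `payload: yes` (base64);
# "payload_printable" is the ASCII view written with `payload-printable: yes`.
_HTTP_REQ = b"GET /cgi-bin/id HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
_BINARY_BLOB = b"\x00\x01\x02ABC\xff"

SAMPLE_EVE = [
    json.dumps({
        "timestamp": "2015-12-28T07:40:01.123456+0000",
        "event_type": "alert",
        "src_ip": "10.0.0.5", "src_port": 44321,
        "dest_ip": "192.0.2.10", "dest_port": 80, "proto": "TCP",
        "alert": {"gid": 1, "signature_id": 1000001, "rev": 1,
                  "signature": "LOCAL HTTP request to /cgi-bin/id",
                  "category": "Web Application Attack", "severity": 1},
        "payload": base64.b64encode(_HTTP_REQ).decode(),
        "payload_printable": _HTTP_REQ.decode(),
    }),
    json.dumps({
        "timestamp": "2015-12-28T07:40:01.654321+0000",
        "event_type": "alert",
        "src_ip": "10.0.0.7", "src_port": 50211,
        "dest_ip": "192.0.2.20", "dest_port": 4444, "proto": "TCP",
        "alert": {"gid": 1, "signature_id": 1000002, "rev": 1,
                  "signature": "LOCAL suspicious binary blob on port 4444",
                  "category": "A Network Trojan was detected", "severity": 1},
        # printable view deliberately omitted to exercise the hexdump fallback
        "payload": base64.b64encode(_BINARY_BLOB).decode(),
    }),
    # a non-alert record; the script must ignore it
    json.dumps({"timestamp": "2015-12-28T07:40:02.000000+0000",
                "event_type": "flow", "src_ip": "10.0.0.5", "dest_ip": "192.0.2.10"}),
]


def iter_alerts(lines: Iterable[str]) -> Iterator[dict]:
    """Yield only the alert records from eve.json lines; skip blanks and other event types."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("event_type") == "alert":
            yield ev


def fast_log_line(ev: dict) -> str:
    """Render an eve alert in the one-line fast.log style the original script already emails."""
    ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    a = ev["alert"]
    return (f"{ts.strftime('%m/%d/%Y-%H:%M:%S.%f')}  [**] "
            f"[{a['gid']}:{a['signature_id']}:{a['rev']}] {a['signature']} [**] "
            f"[Classification: {a.get('category', '')}] [Priority: {a.get('severity', '')}] "
            f"{{{ev['proto']}}} {ev['src_ip']}:{ev.get('src_port', '')} -> "
            f"{ev['dest_ip']}:{ev.get('dest_port', '')}")


def hexdump(data: bytes, width: int = 16) -> str:
    """Classic offset / hex / ASCII dump, non-printable bytes shown as '.'."""
    out = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        out.append(f"{off:08x}  {hexpart:<{width * 3}} {asc}")
    return "\n".join(out)


def payload_text(ev: dict) -> str:
    """Human-readable payload: Suricata's printable view if logged, else a hexdump of the base64 payload."""
    if ev.get("payload_printable"):
        return ev["payload_printable"]
    if ev.get("payload"):
        return hexdump(base64.b64decode(ev["payload"]))
    return "(no payload logged for this alert)"


def build_message(ev: dict, sender: str, recipient: str) -> EmailMessage:
    """One mail per alert: the fast.log-style line followed by the payload."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"[Suricata] {ev['alert']['signature']}"
    msg.set_content(fast_log_line(ev) + "\n\n--- payload ---\n" + payload_text(ev) + "\n")
    return msg


if __name__ == "__main__":
    # Replace SAMPLE_EVE with open("/var/log/suricata/eve.json") and hand the
    # message to smtplib.SMTP(...).send_message(msg) to actually deliver it.
    for ev in iter_alerts(SAMPLE_EVE):
        print(build_message(ev, "suricata@example.test", "soc@example.test").as_string())
        print("=" * 72)
```

In production the same loop reads eve.json as it grows (tailing it, or feeding it from a log shipper) instead of the constructed list. The printable view is the "payload in a printable format" Jason refers to; `packet: yes` in the same eve alert section additionally logs the full packet as base64 if the original packet bytes are wanted rather than the reassembled stream payload.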


