[Oisf-users] Suricata's ability to capture the packet?
Cooper F. Nelson
cnelson at ucsd.edu
Wed Sep 9 20:14:38 UTC 2015
That is provided by the 'unified2' logging described in the
suricata.yaml file.
Snort ships with a utility (u2boat) that can extract the raw packet
captures from the unified2 files.
-Coop
On 9/9/2015 12:17 PM, Saxena, Samiksha wrote:
> Hi,
>
> We’re working on the project to bring in Suricata as the IDS/IPS instead of
> using Snort.
>
> One question I have is, I was told that Snort has the ability to
> capture the packet and write it into the log file if it matches
> one of the existing signatures.
>
> For example, when there is a packet that matches our rule, an alert event
> will be generated, followed by the hex-encoded packet capture. Then
> somebody can decode it and see a snippet in pcap ASCII output or something.
>
> I’m pretty new to IDS/IPS systems, and not sure how exactly Snort does
> this (maybe the ‘log’ action in the rule?). I’m wondering if there is any
> similar functionality that Suricata provides?
>
> Thanks
>
> Samiksha
>
--
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
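As an added illustration of what the reply describes (this is example code written for this page, not code from the list post, from Suricata, or from Snort's u2boat): unified2 is a binary stream of records, each with a big-endian type/length header, and the packet that triggered an alert is stored as its own record next to the event record. The parser below walks those records, pairs packets with events by event id, and writes the packets out as a classic libpcap file that tcpdump or Wireshark can open. The record-type numbers and struct layouts follow the unified2 definitions as I know them (IPv4 legacy event = type 7, packet = type 2); IPv6, VLAN and extra-data records are skipped, and the sample stream at the bottom is constructed, not a real capture.

```python
"""Extract alert packets from a Suricata/Snort unified2 file into a pcap.

Added example: reads the unified2 binary layout directly (not u2boat, not
Suricata code).  Layouts assumed from the unified2 format definitions:
Serial_Unified2_Header, Serial_Unified2Packet, Unified2IDSEvent_legacy.
"""
import struct
from typing import Iterator, NamedTuple

# unified2 record types (assumed values from the Snort unified2 headers)
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7          # legacy IPv4 event record

# Serial_Unified2_Header: type, length (big-endian uint32 each)
HDR = struct.Struct(">II")
# Serial_Unified2Packet: sensor_id, event_id, event_second, packet_second,
# packet_microsecond, linktype, packet_length; raw packet bytes follow
PKT = struct.Struct(">IIIIIII")
# Unified2IDSEvent_legacy: sensor_id, event_id, event_second, event_usec,
# sid, gid, rev, class, priority, src_ip, dst_ip, sport, dport,
# protocol, impact_flag, impact, blocked
EVT = struct.Struct(">IIIIIIIIIIIHHBBBB")


class Event(NamedTuple):
    event_id: int
    sid: int
    gid: int
    rev: int
    src: str
    dst: str
    sport: int
    dport: int
    proto: int


class Packet(NamedTuple):
    event_id: int
    ts_sec: int
    ts_usec: int
    linktype: int
    data: bytes


def ipv4(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def iter_records(buf: bytes) -> Iterator[tuple[int, bytes]]:
    """Yield (type, body) per record; stop cleanly at a truncated tail
    (the file may still be open for writing by the sensor)."""
    off = 0
    while off + HDR.size <= len(buf):
        rtype, rlen = HDR.unpack_from(buf, off)
        off += HDR.size
        if off + rlen > len(buf):
            break
        yield rtype, buf[off:off + rlen]
        off += rlen


def parse(buf: bytes) -> tuple[list[Event], list[Packet]]:
    """Return the IPv4 events and packet records found in a unified2 buffer."""
    events, packets = [], []
    for rtype, body in iter_records(buf):
        if rtype == UNIFIED2_IDS_EVENT and len(body) >= EVT.size:
            f = EVT.unpack_from(body)
            events.append(Event(f[1], f[4], f[5], f[6], ipv4(f[9]), ipv4(f[10]),
                                f[11], f[12], f[13]))
        elif rtype == UNIFIED2_PACKET and len(body) >= PKT.size:
            _sensor, event_id, _evt_sec, sec, usec, linktype, plen = PKT.unpack_from(body)
            data = body[PKT.size:PKT.size + plen]
            if len(data) == plen:       # drop a packet body shorter than declared
                packets.append(Packet(event_id, sec, usec, linktype, data))
        # other record types (IPv6 events, VLAN/MPLS variants, extra data) skipped
    return events, packets


def to_pcap(packets: list[Packet]) -> bytes:
    """Serialize packets as a classic libpcap file (24-byte global header)."""
    linktype = packets[0].linktype if packets else 1
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype))
    for p in packets:
        out += struct.pack("<IIII", p.ts_sec, p.ts_usec, len(p.data), len(p.data))
        out += p.data
    return bytes(out)


def build_sample() -> bytes:
    """Constructed unified2 stream: one IPv4 event and its packet record."""
    frame = bytes.fromhex("ffffffffffff0011223344550800") + bytes(28)  # placeholder frame
    evt = EVT.pack(0, 1, 1441829858, 0, 1000001, 1, 7, 1, 2,
                   0x0A000005, 0xC000020A, 40000, 80, 6, 0, 0, 0)
    pkt = PKT.pack(0, 1, 1441829858, 1441829858, 123456, 1, len(frame)) + frame
    return (HDR.pack(UNIFIED2_IDS_EVENT, len(evt)) + evt
            + HDR.pack(UNIFIED2_PACKET, len(pkt)) + pkt)


if __name__ == "__main__":
    events, packets = parse(build_sample())
    for e in events:
        print(f"event {e.event_id}: sid {e.sid} {e.src}:{e.sport} -> {e.dst}:{e.dport}")
    with open("alerts.pcap", "wb") as fh:
        fh.write(to_pcap(packets))
```

To use it on a real file, replace `build_sample()` with the bytes of a `unified2.alert.*` file from the Suricata log directory. Two caveats worth knowing beyond what the reply says: the unified2 output was removed in Suricata 5.0, so on current versions the equivalent is the EVE JSON alert output, which can carry the base64-encoded packet when its `packet` option is enabled; and a sensor may still be appending to the file you are reading, which is why the parser stops silently at a truncated last record instead of raising.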