Snort -> Dump Payload
-
Hi,
I'd like to have more information included in Snort's alerts, such as HTTP GET or POST for example.
Is it possible to log HTTP requests, or package payload in general? Where does Snort store the dumped payload? Is the only way to analyze the pcap files to download them via ssh/scp?
Best regards
Thomas
-
In addition to scp, you can download the PCAPs via the webgui: Services->Snort->Alerts, Alert Log Actions: Download
But if the alert file gets too big it can cause the php process to crash and you may have to resort back to scp.