<![CDATA[Snort -> Dump Payload]]>

<![CDATA[Snort -> Dump Payload]]>Hi,

I'd like to have more information included in Snorts alerts, such as HTTP GET or POST for example.
Is it possible to log HTTP-Requests, or package payload in general? Where does snort store the dumped payload?

Is the only way to analyze the pcap-files to download them via ssh/scp?

Best regards
Thomas

]]>https://forum.netgate.com/topic/113606/snort-dump-payloadRSS for NodeSun, 12 Apr 2026 00:08:31 GMTMon, 27 Mar 2017 11:11:54 GMT60<![CDATA[Reply to Snort -> Dump Payload on Thu, 06 Apr 2017 23:53:43 GMT]]>In additoin to scp, you can download the PCAPs via the webgui Services->Snort->Alerts, Alert Log Actions: Download

But if the alert file gets too big it can cause the php process to crash and you may have to resort back to scp.

]]>https://forum.netgate.com/post/691808https://forum.netgate.com/post/691808Thu, 06 Apr 2017 23:53:43 GMT