Snort -> Dump Payload

  • Hi,

    I'd like to have more information included in Snort's alerts, such as HTTP GET or POST for example.
    Is it possible to log HTTP requests, or package payload in general? Where does Snort store the dumped payload?

    Is the only way to analyze the pcap-files to download them via ssh/scp?

    Best regards

  • In addition to scp, you can download the PCAPs via the webgui: Services->Snort->Alerts, Alert Log Actions: Download.

    But if the alert file gets too big it can cause the php process to crash and you may have to resort back to scp.
