Snort -> Dump Payload
treuss last edited by
I'd like to have more information included in Snort's alerts, such as HTTP GET or POST for example.
Is it possible to log HTTP-Requests, or package payload in general? Where does snort store the dumped payload?
Is the only way to analyze the pcap-files to download them via ssh/scp?
jeffhammett last edited by
In addition to scp, you can download the PCAPs via the webgui Services->Snort->Alerts, Alert Log Actions: Download.
But if the alert file gets too big it can cause the php process to crash and you may have to resort back to scp.