10-17-2007 03:23 AM - edited 03-10-2019 03:50 AM
Is there a way to include the first 64 bytes of a packet in the alarm message for a particular signature?
10-17-2007 05:45 AM
You can include the entire trigger packet by adding the 'produce verbose alert' action to a signature. Specific engines include a certain amount of "contextual" data but it's not documented which do and how much.
10-17-2007 06:07 AM
That's great, thanks. For packet capture I can use "IP logging".
Mike j
10-17-2007 06:09 AM
Or you can add the 'log pair packets' action to a specific signature. The caveat, however, is that the capture starts with the trigger packet.