7.2. The command line options of getpacket

   getpacket [-ahtvz] [-c ConfigFile] [-C PacketCount] [-S SensorID] [-w DumpFile]

The getpacket options in detail

-a

Builds a pcap file of all packets with the same revision (tagged packets) that contain the SID and CID. The option -t is activated automatically. This requires an extended database schema (see README.payload).

-c ConfigFile

Specifies which configuration file should be used. The default is getpacket.conf in the installation configuration directory. It is also possible to use the servsock.conf of servsock. Keywords that are not needed are ignored; only a warning is printed to stdout. This configuration file contains the data needed to access the database.

-C CounterID

Specifies the counter ID (CID) of the alert in the database. Together with the sensor ID (SID), it identifies the data unambiguously.

-S SensorID

Specifies the sensor ID (SID) in the database. Together with the CID, it identifies the data unambiguously.

-t

Specifies that getpacket should attempt to use the reference column to include all the tagged packets relating to the initial SID/CID pair.

-v

Prints information about the version and exits.

-w DumpFile

Specifies the file in which the pcap data is stored. If the special file name "-" is given, the pcap data is written to stdout.

-z

Deactivates the recreation of a pcap file with tagged packets. This makes it possible to disable the activation set in the configuration file.