I would like to store in a file everything that goes through my pop3/imap/smtp server and run a string search in this file. the string search will be easy but I have no idea on how to have everything going in a file (or 3 files for each server)

anyone have an idea?

thx

Unless I've misunderstood you, either ethereal or snort could be used to do this. You'd probably want to go with Snort since it's command-line based and can run in the background less intrusively than ethereal. Snort can store (iirc) the entire contents of the packets it 'hears' either in one ASCII text file, multiple ASCII files (sorted by src addr, dst addr and dst port) or one big binary file, which is good for high-traffic sites since it stores the data more efficiently. You can then just use grep to search the text files or open the binary dumpfile in tcpdump or ethereal.

Snort, however, doesn't come with rh so you'll have to go to snort.org to get it.

"Unless I've misunderstood you" -> yes I'm sorry for my poor english

well I'll give a try with snort thx for your advice