[Snort-devel] stream4 preprocessor

Glenn MacGregor gtm at ...2516...
Thu Apr 29 09:16:27 EDT 2004


Hi All,

Right now I am using snort for just intrusion detection. I saw that I can set up
the stream4 preprocessor to write all TCP connections to a unified file upon
restart. This is a great feature! Unfortunately, I need a bit more: I would like a
unified format file of all traffic (TCP, UDP and ICMP). I can't find anything
within snort that will do this.

So I am thinking about writing a preprocessor (or whatever) to collect all the
stats. Basically a copy of the stream4 that accepts all types of traffic and
does nothing else but write that file.

Did I miss something? Is there something in snort that will do this for me? If
not, can anyone suggest a starting point on writing a module
(preprocessor/input-plugin/output-plugin, whichever is appropriate) to do this?

  Thanks

     Glenn  

Glenn MacGregor
HighStreet Networks
