[Snort-devel] FW: does anybody know about this log?

김무성 kimms at ...3084...
Sun Apr 11 20:48:36 EDT 2010

From: 김무성 
Sent: Monday, April 12, 2010 9:26 AM
To: 'snort-users at lists.sourceforge.net'; 'snort-sigs at lists.sourceforge.net'
Subject: does anybody know about this log?

 

Hello.

I want to log detection or trigger time.
I saw a blog, and I could find some information.
Look at this:

[Detect] Stime = 07/09-14:19:25.138247 ========
[DcodeContentMatch] Stime = 07/09-14:19:25.138259 ========
[DcodeContentMatch] Etime = 07/09-14:19:25.138269 ========
[nonContentOTNz] Stime = 07/09-14:19:25.138279 ========
[nonContentsOTNz] Etime = 07/09-14:19:25.138287 ========
[Detect] Etime = 07/09-14:19:25.138295 ========

How can I log the above information?
Are there any options for this in Snort (snort.conf, /snort/log)?
