[Snort-devel] Question regarding snort statistics
etsamour at ...3288...
Fri May 4 06:45:35 EDT 2012
My name is Efi and I'm a PhD student. I'm writing this email since I
want to find out how to monitor, for each rule and for each input
packet, which of the rule's predicates were satisfied and which were not for
the specific packet that is currently being processed. For example,
given the rule
alert tcp 188.8.131.52 any -> 184.108.40.206 80 (content:"BOB"; gid:1000001;
I want for each packet statistics of the form:
Packet 1 satisfied Protocol=tcp and srcIp = 220.127.116.11
and did not satisfy destIp = 18.104.22.168 and destport = 80 and content = "BOB"
What are the modifications that need to be performed to the src to get
this info? For example, which functions, data structures hold this
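The per-packet, per-predicate report requested in the message above, as an added example; it is not part of the original post and is not Snort source code. The struct layouts, predicate names and sample addresses are assumptions constructed for illustration, and every predicate is tested with no early exit so that unsatisfied ones are recorded too.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for illustration; these are not Snort's internal structures. */
enum { P_PROTO = 1, P_SRC_IP = 2, P_DST_IP = 4, P_DST_PORT = 8, P_CONTENT = 16 };
static const char *const P_NAME[] = { "Protocol", "srcIp", "destIp", "destport", "content" };
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

struct rule   { uint8_t proto; uint32_t src_ip, dst_ip; uint16_t dst_port; const char *content; };
struct packet { uint8_t proto; uint32_t src_ip, dst_ip; uint16_t dst_port;
                const char *payload; size_t len; };

/* Naive substring search over the payload bytes. */
static int has_content(const char *p, size_t len, const char *pat) {
    size_t n = strlen(pat);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(p + i, pat, n) == 0) return 1;
    return 0;
}

/* Test every predicate, with no early exit, and return the satisfied ones as a bitmask. */
unsigned eval_predicates(const struct rule *r, const struct packet *p) {
    unsigned m = 0;
    if (p->proto == r->proto)       m |= P_PROTO;
    if (p->src_ip == r->src_ip)     m |= P_SRC_IP;
    if (p->dst_ip == r->dst_ip)     m |= P_DST_IP;
    if (p->dst_port == r->dst_port) m |= P_DST_PORT;
    if (has_content(p->payload, p->len, r->content)) m |= P_CONTENT;
    return m;
}

/* Constructed sample data: documentation-range addresses, not values from the post. */
static const struct rule RULE = { 6, IP(192,0,2,10), IP(198,51,100,20), 80, "BOB" };
static const struct packet PKT1 = { 6, IP(192,0,2,10), IP(203,0,113,5), 8080, "hello", 5 };
static const struct packet PKT2 = { 6, IP(192,0,2,10), IP(198,51,100,20), 80, "GET /BOB", 8 };

unsigned sample_mask(int n) { return eval_predicates(&RULE, n == 1 ? &PKT1 : &PKT2); }

int main(void) {
    for (int n = 1; n <= 2; n++) {
        unsigned m = sample_mask(n);
        printf("Packet %d:", n);
        for (int i = 0; i < 5; i++)
            printf(" %s=%s", P_NAME[i], (m >> i) & 1 ? "yes" : "no");
        putchar('\n');
    }
    return 0;
}
```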