[Snort-devel] Can't read data_log output file (empty)
Ronin CS
ronincs17 at gmail.com
Mon Jul 17 18:20:22 EDT 2017
Hello everyone,
I'm trying to better understand how to handle events inside Snort++ using
data_log inspector as example. But at the moment, I can't really read the
output file because it's always empty for me.
Until now, I did the following changes to snort.lua:
- Added a new line "data_log = { key = 'http_raw_uri' }"
- Changed the "http_inspector = { }" to "http_server = { }"
(As recommended here: http://marc.info/?l=snort-users&m=147422221322032&w=2)
And ran the command:
"sudo snort -c /opt/snort/etc/snort/snort.lua -R /opt/snort/etc/snort/samples.rules -r http.cap -A alert_ex --plugin-path /opt/snort/lib/snort_extra"
The http.cap I'm using is the one located at https://wiki.wireshark.org/SampleCaptures
What am I missing here?
Thanks in advance,
Ronin.