No subject


Thu Nov 23 16:31:58 EST 2017


nothing from my ruletype directive invocation (although other plugins do 
work).  I've included these directives below.

If anybody has come across this and fixed it, please let me know, 
otherwise I will track it down over the next week or so.

Cheers, Alan

#
# Enchant Traffic Monitor stuff ...
#

ruletype monitor {
   type alert
# this next guy is logging everything - but have to do something to
# reassemble pkt to get size???  (also can probably do some funky binary
#   mode but this -b option seems to override conf file output params...)
#   output log_tcpdump: /var/log/snort/traffic
# this next guy only puts to/from port info - no pkt sizes
#   output alert_fast: /var/log/snort/traffic
# this next guy splits headers from packets in files :(
#   output alert_full: /var/log/snort/traffic
# this next guy doesn't seem to be working :(
   output alert_unixsock
# this next one should work with 2.1.1 which has our csv patch ...
   output alert_CSV: /var/log/snort/traffic proto,src,srcport,dst,dstport,ethlen
}

# all traffic ...
monitor tcp  $EXTERNAL_NET any <> $HOME_NET any
monitor udp  $EXTERNAL_NET any <> $HOME_NET any
monitor icmp $EXTERNAL_NET any <> $HOME_NET any
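A consumer for the records the alert_CSV output above is meant to write, added here as an illustration and not part of Alan's post or of Snort itself: it assumes each line carries the six configured fields in exactly the order proto,src,srcport,dst,dstport,ethlen, and runs over constructed sample rows rather than real captures.

```python
import csv
from collections import defaultdict
from io import StringIO

# Field order taken from the alert_CSV directive in the post:
# proto,src,srcport,dst,dstport,ethlen
FIELDS = ["proto", "src", "srcport", "dst", "dstport", "ethlen"]

# Constructed sample rows (not real Snort output) in that field order;
# the ICMP row has empty ports and the last row is deliberately malformed.
SAMPLE_CSV = """\
TCP,192.0.2.10,51234,198.51.100.5,443,1514
TCP,198.51.100.5,443,192.0.2.10,51234,66
UDP,192.0.2.10,5353,198.51.100.20,53,82
ICMP,192.0.2.11,,198.51.100.5,,98
TCP,192.0.2.10,51234,198.51.100.5,443,1514
bad line without enough fields
"""

def parse_records(text):
    """Yield one dict per well-formed row; skip rows with the wrong
    field count or a non-numeric ethlen instead of crashing the monitor."""
    for row in csv.reader(StringIO(text)):
        if len(row) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, row))
        try:
            rec["ethlen"] = int(rec["ethlen"])
        except ValueError:
            continue
        yield rec

def bytes_per_pair(text):
    """Total frame bytes per (proto, host A, host B); the host pair is sorted
    so both directions of a conversation accumulate into one counter."""
    totals = defaultdict(int)
    for rec in parse_records(text):
        key = (rec["proto"], *sorted((rec["src"], rec["dst"])))
        totals[key] += rec["ethlen"]
    return dict(totals)

def top_talkers(text, n=3):
    """Hosts ranked by bytes sent, for spotting an unusually chatty host."""
    sent = defaultdict(int)
    for rec in parse_records(text):
        sent[rec["src"]] += rec["ethlen"]
    return sorted(sent.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    for key, total in sorted(bytes_per_pair(SAMPLE_CSV).items()):
        print(key, total)
    print(top_talkers(SAMPLE_CSV))
```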

More information about the Snort-devel mailing list