[Snort-openappid] Logging & app_stats_period
aaron.glenn at ...8...
Sun Apr 17 11:00:58 EDT 2016
I have two questions, relating to logging as well as identification granularity:
- Is there a recommended or straightforward way to either ship appstats
logs to syslog or (ideally) convert them to JSON directly? I tried
idstools u2json without success. Is anyone using an ELK stack or
similar with openappid?
- Can someone point me to more information on how the
app_stats_period configuration value changes openappid behavior? (I've
yet to dive into the code; I'm not much of a programmer...) Running
through larger pcaps I see some but not all of the "Facebook" and