[Snort-sigs] Is Snort able to look in the http header?

benoni.martin at ...406... benoni.martin at ...406...
Wed Apr 10 10:03:14 EDT 2002


Hi!
Could someone tell me with what kind of rules I can grep some informations
about people browsing in my company:
1. login, e.g. toto.titi
2. time (that's easy)
3. IP adress source
The trouble is that I need for that to have a closer look in the http
header to find the login, and I didn't know if Snort is able to look there
and to display the login...
Thanks for any help!



*************************************************************************
Ce message et toutes les pieces jointes (ci-apres le "message") sont
confidentiels et etablis a l'intention exclusive de ses destinataires.
Toute utilisation ou diffusion non autorisee est interdite. 
Tout message electronique est susceptible d'alteration. 
La SOCIETE GENERALE et ses filiales declinent toute responsabilite au 
titre de ce message s'il a ete altere, deforme ou falsifie.
				********
This message and any attachments (the "message") are confidential and
intended solely for the addressees.
Any unauthorised use or dissemination is prohibited. 
E-mails are susceptible to alteration.   
Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates 
shall be liable for the message if altered, changed or falsified. 

*************************************************************************





More information about the Snort-sigs mailing list