[Snort-sigs] Web Traffic Logging

Travis Rodak travis at ...1776...
Fri Aug 15 13:51:14 EDT 2003


I am currently using snort in IDS mode storing into MySQL.  This is 
working great.  I have currently configured the general IDS alerts to 
log to one DB and then have defined a new rule type that outputs to an 
entirely different DB.  I would like to use this DB for web traffic 
logging.  $home_net to $external_ net (web traffic only).  Eventually 
using this data to generate employee web usage reports.  I have written 
several different rules but I am afraid that I am missing something so 
decided to seek out the lists help in coming up with one rule or a group 
of rules that would accomplish this task.  Please Advise...

Travis





More information about the Snort-sigs mailing list