[Snort-sigs] Is it possible to Log Headers not Data?
stuart_jenkins at ...12...
Sat Aug 16 01:56:03 EDT 2003
I am looking at using Snort to log packet sizes based on traffic between
Home IPs and Internet, i.e. log the packet sizes of all packets to a web
server (for Internet traffic).

I could log all the packets, and then parse the logs to get Dsize/DgmLen
(which then I could total up) but I am going to get all the data as well
(which at this point I don't want to store, however temporarily).

I have looked at the rules, and there is the ability to log packets etc., but
they all seem to log the data and its headers, whilst I only want the
headers, specifically DgmLen only if possible.

Whilst Snort is not designed for totalling up bandwidth usage stats, the
above idea would allow me to do just that (if anyone knows of a better way
of doing it, that would be gratefully received).

Any rules/ideas/comments appreciated.
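The totalling step described in the post, as an added example that is not part of the original message: it sums DgmLen per source/destination pair from header-only text in the layout Snort prints for each IP packet. The sample lines are constructed, and the function and variable names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Snort's per-packet header layout (address line,
# then the IP header line carrying DgmLen). No payload is present.
SAMPLE = """\
08/16-01:56:03.100000 192.168.1.10:1025 -> 203.0.113.80:80
TCP TTL:64 TOS:0x0 ID:4001 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0x16D0  TcpLen: 40

08/16-01:56:03.180000 203.0.113.80:80 -> 192.168.1.10:1025
TCP TTL:52 TOS:0x0 ID:0 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E6F7A8B  Ack: 0x1A2B3C4E  Win: 0x16A0  TcpLen: 20

08/16-01:56:04.000000 192.168.1.11 -> 203.0.113.80
ICMP TTL:64 TOS:0x0 ID:4002 IpLen:20 DgmLen:84
Type:8  Code:0  ID:1   Seq:1  ECHO

08/16-01:56:04.500000 192.168.1.10:1025 -> 203.0.113.80:80
TCP TTL:64 TOS:0x0 ID:4003 IpLen:20 DgmLen:452 DF
"""

IP = r"(\d+\.\d+\.\d+\.\d+)(?::\d+)?"   # address, optional :port (absent for ICMP)
ADDR = re.compile(r"^\d\d/\d\d(?:/\d\d)?-\S+\s+" + IP + r"\s+->\s+" + IP + r"\s*$")
DGM = re.compile(r"\bDgmLen:(\d+)\b")

def total_dgmlen(lines):
    """Return {(src_ip, dst_ip): total DgmLen in bytes} for the given header lines."""
    totals = defaultdict(int)
    pair = None
    for line in lines:
        m = ADDR.match(line)
        if m:
            pair = m.groups()          # remember whose packet the next header is
            continue
        m = DGM.search(line)
        if m and pair:
            totals[pair] += int(m.group(1))
            pair = None                # a DgmLen with no address line is skipped
    return dict(totals)

if __name__ == "__main__":
    ranked = sorted(total_dgmlen(SAMPLE.splitlines()).items(), key=lambda kv: -kv[1])
    for (src, dst), nbytes in ranked:
        print(f"{src:>15} -> {dst:<15} {nbytes:>8} bytes")
```
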