[Snort-sigs] Re: Is it possible to Log Headers not Data?

Stuart Jenkins stuart_jenkins at ...12...
Sat Aug 16 02:02:04 EDT 2003


Please ignore.

It's just snort -v -l log

However, this logs traffic based on source IP.


>From: "Stuart Jenkins" <stuart_jenkins at ...12...>
>To: snort-sigs at lists.sourceforge.net
>CC: stuart_jenkins at ...12...
>Subject: Is it possible to Log Headers not Data?
>Date: Sat, 16 Aug 2003 08:48:31 +0000
>
>I am looking at using Snort to log packet sizes based on traffic between 
>Home IPs and Internet, i.e. Log the packet sizes of all packets to a web 
>server (for Internet traffic).
>
>I could log all the packets, and then parse the logs to get Dsize/DgmLen 
>(which then I could total up) but I am going to get all the data as well, 
>(which at this point I don't want to store - however temporarily)
>
>I have looked at the rules, and there is the ability to log packets etc, 
>but they all seem to log the data and its the headers, whilst I only want 
>the headers, specifically dgmLen only if possible.
>
>Whilst Snort is not designed for totalling up bandwidth usage stats, the 
>above idea would allow me to do just that (if anyone knows of a better way 
>of doing it that would be gratefully received)
>
>Any rules/ideas/comments appreciated
>
>Stuart
>
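
The totalling step described in the thread, as an added example that is not part of the original posts: it sums DgmLen per home host from header-only output of the kind `snort -v` prints. The sample records are constructed, and the function name, the home network 192.168.1.0/24 and the idea of saving the console output to text first are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the header layout Snort prints in verbose (-v) mode.
# The last record is cut off before its IP header line and must not be counted.
SAMPLE = """\
08/16-02:02:04.100000 192.168.1.10:1034 -> 203.0.113.5:80
TCP TTL:64 TOS:0x0 ID:4321 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0x16D0  TcpLen: 40
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

08/16-02:02:04.180000 203.0.113.5:80 -> 192.168.1.10:1034
TCP TTL:52 TOS:0x0 ID:0 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E6F7A8B  Ack: 0x1A2B3C4E  Win: 0x16A0  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

08/16-02:02:05.000000 192.168.1.11 -> 203.0.113.9
ICMP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF
Type:8  Code:0  ID:512   Seq:1  ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

08/16-02:02:05.500000 192.168.1.10:1034 -> 203.0.113.5:80
"""

# Timestamp, then "src[:port] -> dst[:port]" (ICMP records carry no ports).
ADDR = re.compile(
    r"^\d\d/\d\d-\d\d:\d\d:\d\d\.\d+ +([\d.]+)(?::\d+)? -> ([\d.]+)(?::\d+)?\s*$")
DGMLEN = re.compile(r"\bDgmLen:(\d+)")

def usage_by_home_host(text, home_net="192.168.1.0/24"):
    """Total DgmLen sent and received per home address (hypothetical helper)."""
    home = ipaddress.ip_network(home_net)
    usage = defaultdict(lambda: {"sent": 0, "received": 0, "packets": 0})
    pair = None                      # (src, dst) of the record being read
    for line in text.splitlines():
        m = ADDR.match(line)
        if m:
            pair = m.groups()        # a new record replaces any unfinished one
            continue
        m = DGMLEN.search(line)
        if not (m and pair):
            continue                 # not an IP header line, or no addresses seen
        for addr, direction in zip(pair, ("sent", "received")):
            if ipaddress.ip_address(addr) in home:
                usage[addr][direction] += int(m.group(1))
                usage[addr]["packets"] += 1
        pair = None                  # count each record's DgmLen once
    return dict(usage)
```

Only the address line and the DgmLen field are read, so no payload needs to be stored to produce the totals.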
