[Snort-sigs] Re: Is it possible to Log Headers not Data?
stuart_jenkins at ...12...
Sat Aug 16 02:02:04 EDT 2003
It's just snort -v -l log
However, this logs traffic based on source IP.
>From: "Stuart Jenkins" <stuart_jenkins at ...12...>
>To: snort-sigs at lists.sourceforge.net
>CC: stuart_jenkins at ...12...
>Subject: Is it possible to Log Headers not Data?
>Date: Sat, 16 Aug 2003 08:48:31 +0000
>I am looking at using Snort to log packet sizes based on traffic between
>Home IPs and Internet, i.e. Log the packet sizes of all packets to a web
>server (for Internet traffic).
>I could log all the packets, and then parse the logs to get Dsize/DgmLen
>(which then I could total up) but I am going to get all the data as well,
>(which at this point I don't want to store - however temporarily).
>I have looked at the rules, and there is the ability to log packets etc,
>but they all seem to log the data and its the headers, whilst I only want
>the headers, specifically dgmLen only if possible.
>Whilst Snort is not designed for totalling up bandwidth usage stats, the
>above idea would allow me to do just that (if anyone knows of a better way
>of doing it that would be gratefully received).
>Any rules/ideas/comments appreciated
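
The totalling step described in the original question, as an added example that is not code from either post: it sums DgmLen per source/destination pair from header-only text output. The sample text is constructed in the layout Snort prints for decoded headers, and the function name `total_dgmlen` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: decoded packet headers without payload dumps.
SAMPLE = """\
08/16-08:48:31.100000 192.168.1.10:1045 -> 198.51.100.80:80
TCP TTL:128 TOS:0x0 ID:4321 IpLen:20 DgmLen:48 DF
******S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0x4000  TcpLen: 28
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/16-08:48:31.200000 198.51.100.80:80 -> 192.168.1.10:1045
TCP TTL:52 TOS:0x0 ID:0 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E6F7A8B  Ack: 0x1A2B3C4E  Win: 0x16D0  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/16-08:48:32.000000 192.168.1.11 -> 198.51.100.80
ICMP TTL:64 TOS:0x0 ID:77 IpLen:20 DgmLen:84
Type:8  Code:0  ID:1   Seq:1  ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/16-08:48:33.000000 192.168.1.10:1045 -> 198.51.100.80:80
TCP TTL:128 TOS:0x0 ID:4322 IpLen:20 DgmLen:552 DF
***AP*** Seq: 0x1A2B3C4E  Ack: 0x5E6F7A8C  Win: 0x4000  TcpLen: 20
"""

IP = r"(\d+\.\d+\.\d+\.\d+)(?::\d+)?"   # address, port optional (ICMP has none)
ADDR_LINE = re.compile(r"^\d\d/\d\d-\S+\s+" + IP + r"\s+->\s+" + IP + r"\s*$")
DGMLEN = re.compile(r"\bDgmLen:(\d+)")

def total_dgmlen(lines):
    """Return {(src_ip, dst_ip): (packets, total_DgmLen_bytes)}."""
    totals = defaultdict(lambda: [0, 0])
    pair = None
    for line in lines:
        m = ADDR_LINE.match(line)
        if m:
            pair = m.groups()        # start of a new packet record
            continue
        m = DGMLEN.search(line)
        if m and pair:
            totals[pair][0] += 1
            totals[pair][1] += int(m.group(1))
            pair = None              # count one DgmLen per packet record
    return {k: tuple(v) for k, v in totals.items()}

if __name__ == "__main__":
    for (src, dst), (pkts, size) in sorted(total_dgmlen(SAMPLE.splitlines()).items()):
        print(f"{src} -> {dst}: {pkts} packets, {size} bytes")
```
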