[Snort-sigs] Web Traffic Rule

Michael Wisniewski wiz561 at ...2420...
Wed Feb 13 16:28:31 EST 2008


Hi!

I need to monitor internet traffic with who goes to which URL and
path. I've done a search here, and people say to use 'squid'. However,
I already set up snort and would like to do other things with it in the
future.

If anybody can suggest a rule that I can use to accomplish this,
please let me know.  I've tried this rule...

alert tcp any any -> any 80 (msg:"general web traffic";content:"GET";sid:900001; rev:1;)

And it works, but it logs the whole payload, and I'm just interested
in the IP and the path the user went to.

Thanks...
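
An added example, not part of the original post: a post-processing step that reduces logged payloads to source IP, host and path. The (source IP, payload) pairs are constructed sample input and the names summarize and report are hypothetical; because content:"GET" matches those bytes anywhere in a packet, the parser also discards payloads that are not HTTP requests.

```python
import re
from urllib.parse import urlsplit

# Request line: METHOD SP request-target SP HTTP/x.y
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/\d\.\d$")

def summarize(src_ip, payload):
    """Return (src_ip, host, path) for an HTTP request payload, else None."""
    head = payload.split(b"\r\n\r\n", 1)[0]      # drop any request body
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return None   # "GET" was present, but not as part of a request line
    target = m.group(2).decode("latin-1")
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("latin-1")
            break
    if target.startswith(("http://", "https://")):
        # Absolute-form target (as sent to a proxy): host is in the target.
        parts = urlsplit(target)
        host = parts.netloc or host
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    return (src_ip, host, target)

# Constructed sample input: (source IP, TCP payload) pairs.
SAMPLES = [
    ("192.0.2.10", b"GET /docs/index.html HTTP/1.1\r\n"
                   b"Host: www.example.com\r\nUser-Agent: x\r\n\r\n"),
    ("192.0.2.11", b"GET http://proxy.example.net/a/b?x=1 HTTP/1.0\r\n\r\n"),
    ("192.0.2.12", b"POST /form HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
                   b"note=GET+milk"),
    ("192.0.2.13", b"\x16\x03\x01binaryGETdata"),   # not HTTP at all
]

def report(samples=SAMPLES):
    """Keep only the payloads that parse as HTTP requests."""
    return [s for s in (summarize(ip, p) for ip, p in samples) if s]

if __name__ == "__main__":
    for ip, host, path in report():
        print(f"{ip} -> {host}{path}")
```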
