[Snort-sigs] Web Traffic Rule

Will Metcalf william.metcalf at ...2420...
Wed Feb 13 16:33:46 EST 2008


square peg,round hole use a proxy server....

On Feb 13, 2008 3:28 PM, Michael Wisniewski <wiz561 at ...2420...> wrote:
> Hi!
>
> I need to monitor internet traffic with who goes to which URL and
> path. I've done a search here, and people say to use 'squid'. However,
> I already setup snort and would like to do other things with it in the
> future.
>
> If anybody can suggest a rule that I can use to accomplish this,
> please let me know.  I've tried this rule...
>
> alert tcp any any -> any 80 (msg:"general web
> traffic";content:"GET";sid:900001; rev:1;)
>
> And it works, but it logs the whole payload, and I'm just interested
> in the IP and the path the user went to.
>
> Thanks...
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>




More information about the Snort-sigs mailing list