[Snort-sigs] Web Traffic Rule

Zakai Kinan titanyen2000 at ...144...
Wed Feb 13 22:30:23 EST 2008


the web server log does not work for you?


ZK



--- Michael Wisniewski <wiz561 at ...2420...> wrote:

> Hi!
> 
> I need to monitor internet traffic with who goes to
> which URL and
> path. I've done a search here, and people say to use
> 'squid'. However,
> I already setup snort and would like to do other
> things with it in the
> future.
> 
> If anybody can suggest a rule that I can use to
> accomplish this,
> please let me know.  I've tried this rule...
> 
> alert tcp any any -> any 80 (msg:"general web
> traffic";content:"GET";sid:900001; rev:1;)
> 
> And it works, but it logs the whole payload, and I'm
> just interested
> in the IP and the path the user went to.
> 
> Thanks...
> 
>
-------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio
> 2008.
>
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/snort-sigs
> 



      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs




More information about the Snort-sigs mailing list