[Snort-users] heavy logging...

Martin Roesch roesch at ...421...
Wed Oct 25 02:02:26 EDT 2000


It'd be pretty damn trivial to write a preprocessor to do this.  Is all you
want a record of the source and destination ports and IPs for SYN packets
going to port 88?  If so, I'll whip that up for you in about 30 minutes...

    -Marty

Sean.McHugh at ...668... wrote:
> 
> I want to create a rule that plainly logs access to a webserver
> running on port 88 using SSL for all connections.  I want to get as few
> alerts on this as possible - right now I'm testing for ack:0, but due to
> the number of sessions the client creates, it's still a lot.
> Anyone have any tips on whittling this down?
> 
> Oh, the webserver doesn't have a logging facility - don't ask...
> 
> thanks.
> 
> Sean McHugh, MCP
> Sungard ePI Inc.
> Regional Systems Administrator
> 45 Broadway
> New York, NY 10006
> Wk phone: 212-806-4972

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org
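
The record described in the reply above (source and destination IPs and ports for SYN packets going to port 88), as an added example in stand-alone C; it is not Snort's preprocessor API and not code from this thread. `syn_record`, `WATCH_PORT` and the sample packet are constructed for illustration, and the input is assumed to be a raw IPv4 packet with no link-layer header.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define WATCH_PORT 88   /* the SSL web server port from the thread */
#define TH_SYN 0x02
#define TH_ACK 0x10

/* Constructed sample: IPv4 + TCP SYN, 192.0.2.10:49152 -> 198.51.100.5:88
 * (documentation addresses, checksums left at zero and not verified). */
static const uint8_t SAMPLE_SYN[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x0a, 0xc6,0x33,0x64,0x05,
    0xc0,0x00,0x00,0x58, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x20,0x00, 0x00,0x00,0x00,0x00 };

/* Hypothetical helper, not a Snort function. Returns 1 and fills `out` when
 * pkt is a connection-opening SYN (SYN set, ACK clear) to WATCH_PORT,
 * 0 for any other packet, -1 when the headers are truncated or not IPv4. */
int syn_record(const uint8_t *pkt, size_t len, char *out, size_t outlen)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return -1;
    if (pkt[9] != 6) return 0;                             /* not TCP */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0) return 0;  /* later fragment */
    if (len < ihl + 20) return -1;                         /* TCP header cut short */
    const uint8_t *tcp = pkt + ihl;
    unsigned sport = (unsigned)(tcp[0] << 8 | tcp[1]);
    unsigned dport = (unsigned)(tcp[2] << 8 | tcp[3]);
    if (dport != WATCH_PORT) return 0;
    if (!(tcp[13] & TH_SYN) || (tcp[13] & TH_ACK)) return 0; /* skip SYN/ACK, data */
    snprintf(out, outlen, "%d.%d.%d.%d:%u -> %d.%d.%d.%d:%u",
             pkt[12], pkt[13], pkt[14], pkt[15], sport,
             pkt[16], pkt[17], pkt[18], pkt[19], dport);
    return 1;
}

int main(void)
{
    char line[64];
    if (syn_record(SAMPLE_SYN, sizeof SAMPLE_SYN, line, sizeof line) == 1)
        puts(line);   /* one record per new connection */
    return 0;
}
```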