[Snort-users] heavy logging...

Martin Roesch roesch at ...421...
Wed Oct 25 02:02:26 EDT 2000

It'd be pretty damn trivial to write a preprocessor to do this.  Is all you
want a record of the source and destination ports and IPs for SYN packets
going to port 88?  If so, I'll whip that up for you in about 30 minutes...


Sean.McHugh at ...668... wrote:
> I want to create a rule that plainly logs access to a webserver
> running on port 88 using SSL for all connections.  I want to get as few
> alerts on this as possible - right now i'm testing for ack:0, but due to
> the number of sessions the client creates, it's still a lot.
> anyonew have any tips on whittling this down.
> Oh, the webserver doesn't have a logging facility - don't ask...
> thanks.
> Sean McHugh, MCP
> Sungard ePI Inc.
> Regional Systems Administrator
> 45 Broadway
> New York, NY 10006
> Wk phone: 212-806-4972
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

Martin Roesch
roesch at ...421...

More information about the Snort-users mailing list