[Snort-users] (no subject)

Martin Roesch roesch at ...421...
Wed Oct 25 02:09:32 EDT 2000


Anthony Pardini wrote:
> 
> log tcp any any <> any any (logto:"loginlog";msg:"Login
> Sniffer";content:"login"
> ;nocase;session: printable)
> 
> in an attempt to look for login names being used I came up with this rule.
> It only logs the prompt, not the response to the prompt. How would I be
> able to log the username ?

Use the CVS version's dynamic rules.  It's imprecise, but it'll do the job for
the moment.  We've got better things planned.

> Also, in what version of snort does the content-list option work ?

1.6.3+

    -Marty

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org



More information about the Snort-users mailing list