[Snort-users] Logging of packets
fygrave at ...121...
Thu Sep 28 20:07:58 EDT 2000
~ :Thanks for pointing that out to me. I was able to log port 514 UDP packets
~ :with the following in my rules file.
~ :log udp any any <> IP 514
~ :It would seem that you can't log UDP with the session command for port 514.
~ :Is it the same for the rest?
Well, UDP is a connectionless protocol, so such a thing as a `session' just does
not exist there. The code says the same thing:

    FILE *OpenSessionFile(Packet *p, char *filename)
        char session_file[STD_BUF]; /* name of session file */
        if ((p->iph->ip_proto != IPPROTO_TCP) || (p->frag_flag) || p->tcph == NULL)
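
The condition quoted above, applied to raw IPv4 bytes, as an added example that is not part of the original post and is not Snort's code. `session_loggable` and the sample packets are constructed for illustration, and reading `frag_flag` as "MF bit or nonzero offset" and `tcph == NULL` as "no complete TCP header" is an assumption about the decoder.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROTO_TCP  6       /* value of IPPROTO_TCP */
#define IP_MF      0x2000  /* "more fragments" flag */
#define IP_OFFMASK 0x1fff  /* fragment offset bits */

/* Hypothetical helper: 1 if a raw IPv4 packet passes the three tests
 * in the quoted condition, 0 if session logging would be refused. */
int session_loggable(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return 0;                          /* no usable IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return 0;
    if (pkt[9] != PROTO_TCP)               /* ip_proto != IPPROTO_TCP */
        return 0;
    /* frag_flag: assumed set when MF or a nonzero offset is present */
    unsigned frag = ((unsigned)pkt[6] << 8) | pkt[7];
    if (frag & (IP_MF | IP_OFFMASK))
        return 0;
    /* tcph == NULL: assumed to mean no full 20-byte TCP header */
    if (len - ihl < 20)
        return 0;
    return 1;
}

/* Constructed sample packets; unlisted trailing bytes are zero. */
static const uint8_t tcp_pkt[40]   = {0x45,0,0,40, 0,1,0,0,    64,6,0,0,
                                      10,0,0,1, 10,0,0,2};
static const uint8_t udp514[28]    = {0x45,0,0,28, 0,2,0,0,    64,17,0,0,
                                      10,0,0,1, 10,0,0,2,
                                      0x02,0x02, 0x02,0x02, 0,8, 0,0};
static const uint8_t tcp_frag[40]  = {0x45,0,0,40, 0,3,0x20,0, 64,6,0,0,
                                      10,0,0,1, 10,0,0,2};
static const uint8_t tcp_short[24] = {0x45,0,0,24, 0,4,0,0,    64,6,0,0,
                                      10,0,0,1, 10,0,0,2};

int main(void)
{
    printf("tcp=%d udp514=%d frag=%d short=%d\n",
           session_loggable(tcp_pkt, sizeof tcp_pkt),
           session_loggable(udp514, sizeof udp514),
           session_loggable(tcp_frag, sizeof tcp_frag),
           session_loggable(tcp_short, sizeof tcp_short));
    return 0;
}
```

Only the unfragmented TCP packet qualifies; the UDP 514 datagram is rejected at the protocol test, which is why the plain `log udp` rule is what captures syslog traffic.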