[Snort-users] Logging of packets

Martin Roesch roesch at ...421...
Fri Sep 29 11:29:23 EDT 2000


The session plugin is coded to not accept UDP "sessions", since it's a
connectionless protocol.  If you guys really want, I can make it so that it
takes UDP as a transport protocol...

    -Marty

Richard Oyh wrote:
> 
> Thanks for pointing that out to me. I was able to log port 514 UDP packets
> with the following in my rules file.
> 
> log udp any any <> IP 514
> 
> It would seem that you can't log UDP with the session command for port 514.
> Is it the same for the rest?
> 
> For those who have replied to my email, thanks guys.
> 
> Regards
> Richard
> 
> >From: Fyodor <fygrave at ...121...>
> >Reply-To: fyodor at ...123...
> >To: Richard Oyh <richardoyh at ...125...>, snort-users at lists.sourceforge.net
> >Subject: Re: [Snort-users] Logging of packets
> >Date: Thu, 28 Sep 2000 12:34:38 +0700 (ICT)
> >
> >~ :
> >~ :log tcp any any <> $IP 23 (session: printable;)
> >~ :
> >~ :However when the following line was added to log syslog traffic, snort
> >~ :complains that it cannot find the session file
> >~ :
> >~ :log udp any any <> $IP 514 (session; printable;)
> >~ :
> >
> >but there's no such thing as session with UDP, right?
> >
> 

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org
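
A small pre-flight check for a rules file, added here as an example and not part of the original thread or of Snort itself: it flags `session` on non-TCP rules (the restriction described in this message) and a `session` option written with no argument, as in the quoted UDP rule. The function names and the simplified rule parsing are assumptions for illustration.

```python
import re

# Simplified rule shape (assumption): action, protocol, header, optional "(options)".
RULE_RE = re.compile(r'^\s*(\w+)\s+(\w+)\s+[^()]*?(?:\((.*)\))?\s*$')

def parse_options(body):
    """Split 'key: value; key2;' into an ordered list of (key, value) pairs."""
    opts = []
    for chunk in body.split(';'):
        chunk = chunk.strip()
        if chunk:
            key, _, value = chunk.partition(':')
            opts.append((key.strip(), value.strip()))
    return opts

def lint_rules(text):
    """Return (line_number, message) findings for misuse of the session option."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue  # skip blanks and comments
        m = RULE_RE.match(line)
        if not m:
            continue  # not something this simplified parser understands
        proto = m.group(2).lower()
        opts = parse_options(m.group(3) or '')
        if 'session' not in [k for k, _ in opts]:
            continue
        if proto != 'tcp':
            findings.append((lineno, f"session used on {proto} rule; plugin accepts TCP only"))
        if dict(opts)['session'] == '':
            findings.append((lineno, "session has no argument; expected 'session: printable;'"))
    return findings

# Constructed sample, based on the rules quoted in this thread.
SAMPLE = """\
log tcp any any <> $IP 23 (session: printable;)
log udp any any <> $IP 514 (session; printable;)
log udp any any <> $IP 514
"""

if __name__ == '__main__':
    for lineno, msg in lint_rules(SAMPLE):
        print(f"line {lineno}: {msg}")
```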


