[Snort-users] Application layer only

Warrick FitzGerald wfitzgerald at ...4613...
Thu Jan 17 15:36:07 EST 2002


Hi All,

I am trying to log only HTTP headers, ie I don't care about the SYN ACK ...
I only want the packets that contain HTTP headers from a certain IP.

Does anyone have a clue how I would go about doing this, and if so do you
know how I can log this using the XML module ?

Much Appreciated
Warrick







More information about the Snort-users mailing list