[Snort-users] Protocol/Service/Source Bytes/Dest bytes needed
bamm at ...539...
Wed Apr 23 10:16:10 EDT 2003
You can use the 'keepstats' option in stream4 (although this will only give you info for tcp streams).
# keepstats [machine|binary] - keep session statistics, add "machine" to
# get them in a flat format for machine reading, add
# "binary" to get them in a unified binary output
There is a patch available for stream4 w/sguil (http://www.satexas.com/~bamf/sguil/) that adds the option to write stats in a pipe delimited format every 'n' secs for easy loading into a DB.
On Wed, Apr 23, 2003 at 01:17:36PM -0300, Malcolm Rodgers wrote:
> I'd like to use snort to log the following information on a connection
> protocol/service/src bytes/dest bytes and possibly time stamp
> So I could create a data file similar to the data set listed here on this
> KDD web page:
> What will be the easiest way for me to do this?
> Thanks for any pointers:
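
An added example, not part of the original post and not Snort or sguil code: loading pipe-delimited TCP session records into a database table with the protocol/service/src bytes/dest bytes/timestamp columns asked about above. The column order in `FIELDS`, the port-to-service map and the sample records are assumptions made for this sketch; the actual layout written by keepstats or the sguil patch is not shown in the thread and may differ.

```python
import csv
import io
import sqlite3

# Hypothetical column order, assumed for this example only.
FIELDS = ["start", "end", "src_ip", "src_port", "dst_ip", "dst_port",
          "src_bytes", "dst_bytes"]
INT_FIELDS = ("src_port", "dst_port", "src_bytes", "dst_bytes")

# Small illustrative map from destination port to a KDD-style service name.
SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 80: "http", 110: "pop_3"}

# Constructed sample records (documentation addresses), not real Snort output.
SAMPLE = """\
2003-04-23 10:01:02|2003-04-23 10:01:09|192.0.2.10|1045|198.51.100.5|80|312|10240
2003-04-23 10:02:11|2003-04-23 10:02:12|192.0.2.11|1046|198.51.100.5|25|1500|220
2003-04-23 10:03:00|2003-04-23 10:03:30|192.0.2.10|1047|198.51.100.9|6667|90|45
truncated|line
"""

def parse_sessions(text):
    """Yield one dict per well-formed record; skip short or non-numeric lines."""
    for row in csv.reader(io.StringIO(text), delimiter="|"):
        if len(row) != len(FIELDS):
            continue  # truncated or blank line
        rec = dict(zip(FIELDS, row))
        try:
            for key in INT_FIELDS:
                rec[key] = int(rec[key])
        except ValueError:
            continue  # counter or port field is not a number
        rec["protocol"] = "tcp"  # stream4 stats cover TCP streams only
        rec["service"] = SERVICES.get(rec["dst_port"], "other")
        yield rec

def load(text, db=None):
    """Insert parsed sessions into a 'sessions' table and return the connection."""
    if db is None:
        db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE IF NOT EXISTS sessions (start TEXT, protocol TEXT, "
               "service TEXT, src_bytes INTEGER, dst_bytes INTEGER)")
    db.executemany("INSERT INTO sessions VALUES "
                   "(:start, :protocol, :service, :src_bytes, :dst_bytes)",
                   list(parse_sessions(text)))
    db.commit()
    return db

if __name__ == "__main__":
    for row in load(SAMPLE).execute("SELECT * FROM sessions ORDER BY start"):
        print(row)
```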