[Snort-users] Protocol/Service/Source Bytes/Dest bytes needed

Bamm Visscher bamm at ...539...
Wed Apr 23 10:16:10 EDT 2003


You can use the 'keepstats' option in stream4 (although this will only give you info for tcp streams).

<snip>
#   keepstats [machine|binary] - keep session statistics, add "machine" to 
#                         get them in a flat format for machine reading, add
#                         "binary" to get them in a unified binary output 
#                         format
</snip>

There is a patch available for stream4 w/sguil (http://www.satexas.com/~bamf/sguil/) that adds the option to write stats in a pipe delimited format every 'n' secs for easy loading into a DB.

Bammkkkk

On Wed, Apr 23, 2003 at 01:17:36PM -0300, Malcolm Rodgers wrote:
> Hi,
> 
> I'd like to use snort to log the following information on a connection
> basis:
> 
> protocol/service/src bytes/dest bytes and possibly time stamp
> 
> So I could create a data file similar to the data set listed here on this
> KDD web page:
> 
> http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
> 
> specifically
> 
> http://kdd.ics.uci.edu/databases/kddcup99/kddcup.data_10_percent.gz
> 
> What will be the easiest way for me to do this?
> 
> Thanks for any pointers:



