[Snort-users] snort and squid

Helmut Schneider jumper99 at ...348...
Thu Jan 17 05:46:16 EST 2008


Hi,

I'm using snort 2.7 on two machines, one at a hub next to the router and the
firewall and since yesterday a second sensor on my proxy (squid). All
web-traffic must go through the proxy.
The first sensor gives information about e.g. that one uses google desktop
but does not say which client (of course, as source is the proxy). So I
installed snort as a second sensor on the proxy but without success. The
alerts the first sensors finds are not found on the second sensor (the squid
protocol might differ from HTTP).

Is there a way to configure snort to reveal which exact client "breaks"
policies?

Thanks, Helmut 





More information about the Snort-users mailing list