[Snort-users] snort and squid

Paul Melson pmelson at ...11827...
Thu Jan 17 07:06:22 EST 2008


Add 3128 to HTTP_PORTS in your snort.conf.  All of your HTTP rules
will be looking on port 80 and the traffic to the proxy is on 3128.

PaulM


On 1/17/08, Helmut Schneider <jumper99 at ...348...> wrote:
> Hi,
>
> I'm using snort 2.7 on two machines, one at a hub next to the router and the
> firewall and since yesterday a second sensor on my proxy (squid). All
> web-traffic must go through the proxy.
> The first sensor gives information about e.g. that one uses google desktop
> but does not say which client (of course, as source is the proxy). So I
> installed snort as a second sensor on the proxy but without success. The
> alerts the first sensor finds are not found on the second sensor (the squid
> protocol might differ from HTTP).
>
> Is there a way to configure snort to reveal which exact client "breaks"
> policies?
>
> Thanks, Helmut