[Snort-users] host attribute table - feature request

Matt Olney molney at ...1935...
Mon Mar 22 16:27:01 EDT 2010


In 2.8.6rc1, at least I get the following:

===============================================================================
Attribute Table Stats:
    Number Entries: 1
    Table Reloaded: 0
===============================================================================

In the Snort output.  Is that sufficient?  I'll put a feature request bug
in, but I'm just making sure this isn't what you are looking for,

Matt

On Mon, Mar 22, 2010 at 4:15 PM, Crook, Parker <Parker_Crook at ...14786...>wrote:

>  Thanks Joel, I appreciate it.
>
>
>
> -Parker
>  ------------------------------
>
> *From:* Joel Esler [mailto:joel.esler at ...14399...]
> *Sent:* Monday, March 22, 2010 2:55 PM
> *To:* Crook, Parker
> *Cc:* snort-users at lists.sourceforge.net List;
> snort-devel-request at lists.sourceforge.net
>
> *Subject:* Re: [Snort-users] host attribute table - feature request
>
>
>
> Parker,
>
>
>
> I've cc'ed the snort-devel list.  I'm not aware if the developers are on
> the snort-users list.
>
>
>
> J
>
>
>
> On Mar 22, 2010, at 1:35 PM, Crook, Parker wrote:
>
>
>
>  After speaking with Andy about getting hogger to create the host
> attribute table, he asked how he would know if Snort successfully slurped up
> the attribute file.  I did some checking on my installation and went through
> the logs and noticed there is not any sort of indication of whether or not
> Snort is using a host attribute table.
>
>
>
> Would it be possible to add this feature so that we can receive
> confirmation that we are or are not using the host attribute feature?
> (similar to the message on PCAP frames)
>
>
>
> --
> Joel Esler
> http://blog.joelesler.net
>
>
>
>
>
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100322/6bb3dc47/attachment.html>


More information about the Snort-users mailing list