[Snort-users] host attribute table - feature request

Crook, Parker Parker_Crook at ...14786...
Mon Mar 22 16:33:55 EDT 2010


Matt,



No that's great -- I thought I remembered seeing something like that in my lab at home, but thought I was losing it when I couldn't get it here in the production environment (it was a late night coding session after all).



Thanks again,

Parker



  _____

From: Matt Olney [mailto:molney at ...1935...]
Sent: Monday, March 22, 2010 4:27 PM
To: Crook, Parker
Cc: Joel Esler; snort-devel-request at lists.sourceforge.net; snort-users at ...1753...s.sourceforge.net List
Subject: Re: [Snort-users] host attribute table - feature request



In 2.8.6rc1, at least I get the following:



===============================================================================

Attribute Table Stats:

    Number Entries: 1

    Table Reloaded: 0

===============================================================================



In the Snort output.  Is that sufficient?  I'll put a feature request bug in, but I'm just making sure this isn't what you are looking for,


Matt



On Mon, Mar 22, 2010 at 4:15 PM, Crook, Parker <Parker_Crook at ...14786...<mailto:Parker_Crook at ...14786...>> wrote:

Thanks Joel, I appreciate it.



-Parker

  _____

From: Joel Esler [mailto:joel.esler at ...14399...<mailto:joel.esler at ...14795.....>]
Sent: Monday, March 22, 2010 2:55 PM
To: Crook, Parker
Cc: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net> List; snort-devel-request at lists.sourceforge.net<mailto:snort-devel-request at lists.sourceforge.net>


Subject: Re: [Snort-users] host attribute table - feature request



Parker,



I've cc'ed the snort-devel list.  I'm not aware if the developers are on the snort-users list.



J



On Mar 22, 2010, at 1:35 PM, Crook, Parker wrote:



After speaking with Andy about getting hogger to create the host attribute table, he asked how he would know if Snort successfully slurped up the attribute file.  I did some checking on my installation and went through the logs and noticed there is not any sort of indication of whether or not Snort is using a host attribute table.



Would it be possible to add this feature so that we can receive confirmation that we are or are not using the host attribute feature? (similar to the message on PCAP frames)



--
Joel Esler
http://blog.joelesler.net






------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0d%0aSnort-users> list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100322/733d0576/attachment.html>


More information about the Snort-users mailing list