[Snort-users] host attribute table - feature request

Ryan Jordan ryan.jordan at ...1935...
Mon Mar 22 16:45:22 EDT 2010


If you're not seeing those stats, make sure you compiled Snort with
--enable-targetbased.

-Ryan

On Mon, Mar 22, 2010 at 4:33 PM, Crook, Parker <Parker_Crook at ...14786...> wrote:
> Matt,
>
>
>
> No that’s great -- I thought I remembered seeing something like that in my
> lab at home, but thought I was losing it when I couldn’t get it here in the
> production environment (it was a late night coding session after all).
>
>
>
> Thanks again,
>
> Parker
>
>
>
> ________________________________
>
> From: Matt Olney [mailto:molney at ...1935...]
> Sent: Monday, March 22, 2010 4:27 PM
> To: Crook, Parker
> Cc: Joel Esler; snort-devel-request at lists.sourceforge.net;
> snort-users at lists.sourceforge.net List
>
> Subject: Re: [Snort-users] host attribute table - feature request
>
>
>
> In 2.8.6rc1, at least I get the following:
>
>
>
> ===============================================================================
> Attribute Table Stats:
>     Number Entries: 1
>     Table Reloaded: 0
> ===============================================================================
>
>
>
> In the Snort output.  Is that sufficient?  I'll put a feature request bug
> in, but I'm just making sure this isn't what you are looking for,
>
> Matt
>
>
>
> On Mon, Mar 22, 2010 at 4:15 PM, Crook, Parker <Parker_Crook at ...14786...>
> wrote:
>
> Thanks Joel, I appreciate it.
>
>
>
> -Parker
>
> ________________________________
>
> From: Joel Esler [mailto:joel.esler at ...14399...]
> Sent: Monday, March 22, 2010 2:55 PM
> To: Crook, Parker
> Cc: snort-users at lists.sourceforge.net List;
> snort-devel-request at lists.sourceforge.net
>
> Subject: Re: [Snort-users] host attribute table - feature request
>
>
>
> Parker,
>
>
>
> I've cc'ed the snort-devel list.  I'm not aware if the developers are on the
> snort-users list.
>
>
>
> J
>
>
>
> On Mar 22, 2010, at 1:35 PM, Crook, Parker wrote:
>
>
>
> After speaking with Andy about getting hogger to create the host attribute
> table, he asked how he would know if Snort successfully slurped up the
> attribute file.  I did some checking on my installation and went through the
> logs and noticed there is not any sort of indication of whether or not Snort
> is using a host attribute table.
>
>
>
> Would it be possible to add this feature so that we can receive confirmation
> that we are or are not using the host attribute feature? (similar to the
> message on PCAP frames)
>
>
>
> --
> Joel Esler
> http://blog.joelesler.net
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
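
One way to automate the check discussed in this thread, as an added example (not part of any message above and not Snort project code): a shell function that reads captured Snort output on stdin and reports the Attribute Table Stats counters. The sample output is constructed from the block quoted above; the function names and return codes are this example's own, and it assumes the Snort output was saved to a file or piped in.

```shell
#!/bin/sh
# Added example: confirm from captured Snort output whether the host
# attribute table was loaded, using the stats block quoted in the thread.

# attr_table_stats: reads Snort output on stdin, prints
# "entries=<n> reloaded=<n>" and returns:
#   0  stats block present and Number Entries > 0
#   1  stats block present but Number Entries is 0
#   2  stats block absent (per the thread, check that Snort was
#      compiled with --enable-targetbased)
attr_table_stats() {
    awk '
        # Header line opens the block.
        /Attribute Table Stats:/ { in_block = 1; found = 1; next }
        # The next ruler line of "=" characters closes it.
        in_block && /^[ >]*==+/   { in_block = 0; next }
        # Counters are the last field on their lines.
        in_block && /Number Entries:/ { entries  = $NF + 0 }
        in_block && /Table Reloaded:/ { reloaded = $NF + 0 }
        END {
            if (!found) exit 2
            printf "entries=%d reloaded=%d\n", entries, reloaded
            exit (entries > 0 ? 0 : 1)
        }
    '
}

# Constructed sample: the stats block as quoted in the thread, wrapped
# in two made-up surrounding lines.
sample_snort_output() {
    cat <<'EOF'
(constructed line before the stats block)
===============================================================================
Attribute Table Stats:
    Number Entries: 1
    Table Reloaded: 0
===============================================================================
(constructed line after the stats block)
EOF
}

# Demo on the constructed sample.
sample_snort_output | attr_table_stats
```
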
