[Snort-users] Fwd: data_log output

Russ rucombs at ...589...
Sun Jun 19 11:12:29 EDT 2016


On 6/19/16 5:16 AM, Sunil Koul wrote:
> Hello people
>
> I would like to know the correct usage for the data_log inspector. When I use
> snort -c $my_path/etc/snort/snort.lua \
>         --plugin-path $my_path/lib/snort_extra \
>         -A alert_ex -r /path/to/my.pcap
> as mentioned in doc/usage.txt after including data_log = { key = 
> 'http_raw_uri' } in snort.lua, a data.log gets created in the home 
> directory but with no output (blank).
That should work.  What is in your pcap?
>
> How do I explicitly load only the data_log inspector to extract and
> print data onto the data.log file?
You can trim the default conf but will need more than just data_log.  
You will need stream, http_inspect, etc.
>
> Thanks
> Sunil

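Added example, not part of the original thread: one way to answer the question about the pcap's contents is to check whether the capture holds any HTTP request lines, since with key = 'http_raw_uri' an empty data.log is what a capture without HTTP requests would produce. The code assumes a classic pcap file with Ethernet/IPv4 framing and requests that begin at the start of a TCP segment (no reassembly); the function names and the sample packet are constructed for illustration.

```python
import re
import struct

# Request line of an HTTP/1.x request: METHOD SP URI SP HTTP/1.x CRLF
REQ = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")

def http_uris(pcap: bytes):
    """Return (method, raw_uri) for each TCP segment that starts with a request line."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian capture
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    found, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00":   # IPv4 only
            continue
        ihl = (frame[14] & 0x0F) * 4
        tcp = 14 + ihl
        if frame[23] != 6 or len(frame) < tcp + 20:           # IP protocol 6 = TCP
            continue
        data_off = (frame[tcp + 12] >> 4) * 4
        ip_total = struct.unpack(">H", frame[16:18])[0]
        m = REQ.match(frame[tcp + data_off:14 + ip_total])
        if m:
            found.append((m.group(1).decode(), m.group(2).decode("latin-1")))
    return found

def sample_pcap(payload: bytes) -> bytes:
    """Constructed one-packet Ethernet/IPv4/TCP capture (checksums left at zero)."""
    tcp = struct.pack(">HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return hdr + rec + frame
```

An empty list from `http_uris(open(path, "rb").read())` means the capture contains no plain HTTP request lines that this check can see, for example because the traffic is TLS or not HTTP at all.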

