[Oisf-devel] OpenBSD Suricata (again) and P2P detection
Henri Wahl
h.wahl at ifw-dresden.de
Fri Jun 1 10:34:56 UTC 2012
Hi

> and some of the sids that do not alert?
Here are extracts from the logs of Snort and Suricata:
root at gate:/etc/snort>zgrep P2P /var/log/snort/alert.0.gz | cut -d" " -f4 | sort | uniq
[1:2003310:3]
[1:2003317:3]
[1:2003320:3]
[1:2008581:3]
[1:2008585:4]
[1:2009970:4]
[1:2009971:5]
[1:2010144:5]
[1:2012247:2]
[1:2102181:3]
[1:2181:5]
root at gate:/root>grep 05/31/2012 /var/log/suricata/fast.log | grep P2P | cut -d" " -f4 | sort | uniq
[1:2003310:3]
[1:2003317:3]
[1:2009971:5]
Snort and Suricata .rules files are identical.
Regards
--
Henri Wahl
IT Department
Leibniz-Institut für Festkörper- u.
Werkstoffforschung Dresden
tel. (03 51) 46 59 - 797
email: h.wahl at ifw-dresden.de
http://www.ifw-dresden.de
Nagios status monitor for your desktop:
http://nagstamon.ifw-dresden.de
IFW Dresden e.V., Helmholtzstraße 20, D-01069 Dresden
VR Dresden Nr. 1369
Vorstand: Prof. Dr. Ludwig Schultz, Dr. h.c. Dipl.-Finw. Rolf Pfrengle
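The comparison in the message above is done by eye from two `sort | uniq` listings. As an added example (not code from the original post or from the Snort/Suricata projects), the script below does the same SID extraction from both alert files and then computes the set difference with `comm`, so the list of "sids that do not alert" in Suricata falls out directly. The log lines are constructed to mimic the Snort and Suricata "fast" alert formats; the SIDs are the ones listed in the post, but the rule messages, addresses and timestamps are placeholders, not real captures. `grep -oE` is used instead of `cut -d" " -f4` so the extraction does not depend on the exact whitespace after the timestamp.

```shell
#!/bin/sh
# Added example: which signatures fired in Snort but not in Suricata?
# Assumes both sensors ran identical .rules files over the same traffic.
# Fixed collation so that sort and comm agree on ordering.
export LC_ALL=C

# Constructed Snort "alert" lines (timestamp format MM/DD-HH:MM:SS.usec).
# Messages, addresses and times are placeholders; the SIDs are from the post.
SNORT_ALERTS='05/31-10:02:11.000001  [**] [1:2003310:3] ET P2P constructed msg A [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.0.0.5:4672 -> 192.0.2.10:4661
05/31-10:05:42.000002  [**] [1:2003317:3] ET P2P constructed msg B [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.0.0.5:4672 -> 192.0.2.10:4661
05/31-10:07:03.000003  [**] [1:2008581:3] ET P2P constructed msg C [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.0.0.7:6881 -> 198.51.100.4:6881
05/31-10:09:55.000004  [**] [1:2009971:5] ET P2P constructed msg D [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.0.0.5:4672 -> 203.0.113.9:4672
05/31-10:11:20.000005  [**] [1:2012247:2] ET P2P constructed msg E [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.0.0.7:51000 -> 198.51.100.4:6881
05/31-10:12:00.000006  [**] [1:2100498:7] GPL constructed non-P2P msg [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.4:80 -> 10.0.0.5:51234'

# Constructed Suricata fast.log lines (timestamp format MM/DD/YYYY-HH:MM:SS.usec).
SURICATA_ALERTS='05/31/2012-10:02:11.000001  [**] [1:2003310:3] ET P2P constructed msg A [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.0.0.5:4672 -> 192.0.2.10:4661
05/31/2012-10:05:42.000002  [**] [1:2003317:3] ET P2P constructed msg B [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.0.0.5:4672 -> 192.0.2.10:4661
05/31/2012-10:09:55.000004  [**] [1:2009971:5] ET P2P constructed msg D [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.0.0.5:4672 -> 203.0.113.9:4672
05/31/2012-10:12:00.000006  [**] [1:2100498:7] GPL constructed non-P2P msg [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.4:80 -> 10.0.0.5:51234'

# sids_of LOGTEXT [FILTER]
# Print the unique [gid:sid:rev] tokens of the alerts whose line contains
# FILTER (a fixed string; an empty filter keeps every line), sorted.
# Takes the log text itself as an argument so the constructed samples above
# can be passed directly; pass "$(zcat file.gz)" or "$(cat file)" for real logs.
sids_of() {
    printf '%s\n' "$1" |
        grep -F -- "${2:-}" |
        grep -oE '\[[0-9]+:[0-9]+:[0-9]+\]' |
        sort -u
}

# sids_missing LOGTEXT_A LOGTEXT_B [FILTER]
# Print the signatures that fired in A but never in B. comm(1) needs sorted
# input, which sids_of guarantees; -23 suppresses B-only and common lines.
sids_missing() {
    a=$(mktemp) || return 1
    b=$(mktemp) || { rm -f "$a"; return 1; }
    sids_of "$1" "${3:-}" > "$a"
    sids_of "$2" "${3:-}" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

echo "P2P signatures that fired in Snort but not in Suricata:"
sids_missing "$SNORT_ALERTS" "$SURICATA_ALERTS" "ET P2P"
echo "P2P signatures that fired in Suricata but not in Snort:"
sids_missing "$SURICATA_ALERTS" "$SNORT_ALERTS" "ET P2P"
```

The output of the first `sids_missing` call is the list to investigate one rule at a time. The non-P2P GPL alert is present in both constructed logs only to show that the filter string narrows the comparison to the rules in question, as the `grep P2P` in the original commands did.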