[Oisf-users] fast.log fields and vrt rules question
Leonard Jacobs
ljacobs at netsecuris.com
Sat Jul 6 13:54:27 UTC 2013
This link might help you decipher the rules structure.
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules
-----Original Message-----
From: oisf-users-bounces at openinfosecfoundation.org [mailto:oisf-users-bounces at openinfosecfoundation.org] On Behalf Of mouna amani
Sent: Saturday, July 06, 2013 6:32 AM
To: oisf-users at openinfosecfoundation.org; oisf-users-bounces at openinfosecfoundation.org
Subject: [Oisf-users] fast.log fields and vrt rules question
I got the following line in my fast.log
07/05/2013-20:33:47.183109 [**] [1:2101201:10] GPL WEB_SERVER 403 Forbidden [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.50.3:80 -> 192.168.50.55:16476
I would like to know what each field means :) any link will be helpful
I would like to use Emerging Threats rules + VRT rules. What URL should I add to my oinkmaster.conf to download VRT rules?
thanks :)
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/
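A field-by-field parser for the fast.log line quoted above, added here as an example; it is not part of the thread and not Suricata's own code. A fast.log alert reads left to right: timestamp, `[**]`, `[gid:sid:rev]` (generator id 1 is the rule engine, sid is the signature id, rev the rule revision), the rule's msg text, `[**]`, the classification string, the priority (1 is the most severe), the protocol in braces, and `src_ip:src_port -> dst_ip:dst_port`. Note that in the quoted alert the source is 192.168.50.3:80, so the rule matched the web server's 403 response, not the client's request. The second and third sample lines, the local-range SID 1000001 and the helper names are constructed for this example; IPv4 addresses are assumed.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample input. The first line is the one from the post; the second
# is a made-up ICMP alert (no ports, SID in the local 1000000+ range); the third
# is deliberately malformed so the parser's skip path is exercised.
SAMPLE_FAST_LOG = (
    "07/05/2013-20:33:47.183109  [**] [1:2101201:10] GPL WEB_SERVER 403 Forbidden "
    "[**] [Classification: Attempted Information Leak] [Priority: 2] "
    "{TCP} 192.168.50.3:80 -> 192.168.50.55:16476\n"
    "07/05/2013-20:35:02.000412  [**] [1:1000001:1] LOCAL ICMP echo request seen "
    "[**] [Classification: Misc activity] [Priority: 3] "
    "{ICMP} 192.168.50.55 -> 192.168.50.3\n"
    "this line is not a fast.log alert\n"
)

# Layout of one fast.log line, left to right:
#   timestamp [**] [gid:sid:rev] msg [**] [Classification: text] [Priority: n]
#   {proto} src_ip[:src_port] -> dst_ip[:dst_port]
# Ports are absent for protocols without them (ICMP), so they are optional here.
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src_ip>\S+?)(?::(?P<src_port>\d+))?\s+->\s+"
    r"(?P<dst_ip>\S+?)(?::(?P<dst_port>\d+))?\s*$"
)


@dataclass
class FastLogAlert:
    timestamp: datetime
    gid: int            # generator id; 1 = rule engine
    sid: int            # signature id
    rev: int            # rule revision
    msg: str            # the rule's msg keyword
    classification: str
    priority: int       # 1 = most severe
    proto: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]

    @property
    def rule_id(self) -> str:
        """The gid:sid:rev triple exactly as it appears in fast.log."""
        return f"{self.gid}:{self.sid}:{self.rev}"


def parse_fast_log_line(line: str) -> Optional[FastLogAlert]:
    """Parse one fast.log line; return None if it does not match the format."""
    m = FAST_LOG_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return FastLogAlert(
        timestamp=datetime.strptime(g["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
        gid=int(g["gid"]),
        sid=int(g["sid"]),
        rev=int(g["rev"]),
        msg=g["msg"],
        classification=g["classification"],
        priority=int(g["priority"]),
        proto=g["proto"],
        src_ip=g["src_ip"],
        src_port=int(g["src_port"]) if g["src_port"] else None,
        dst_ip=g["dst_ip"],
        dst_port=int(g["dst_port"]) if g["dst_port"] else None,
    )


def parse_fast_log(text: str) -> List[FastLogAlert]:
    """Parse a whole fast.log; lines that do not match the format are skipped."""
    alerts = []
    for line in text.splitlines():
        alert = parse_fast_log_line(line)
        if alert is not None:
            alerts.append(alert)
    return alerts


def count_by_sid(alerts: List[FastLogAlert]) -> Dict[int, int]:
    """Alert count per signature id, the usual first triage view of a fast.log."""
    counts: Dict[int, int] = {}
    for a in alerts:
        counts[a.sid] = counts.get(a.sid, 0) + 1
    return counts


if __name__ == "__main__":
    for a in parse_fast_log(SAMPLE_FAST_LOG):
        print(a.timestamp.isoformat(), a.rule_id, f"prio={a.priority}", a.proto,
              f"{a.src_ip}:{a.src_port} -> {a.dst_ip}:{a.dst_port}", "|", a.msg)
    print(count_by_sid(parse_fast_log(SAMPLE_FAST_LOG)))
```

Run it on a real fast.log by replacing SAMPLE_FAST_LOG with the file's contents; the sid from each alert is what you look up in the rule files to read the full signature.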