[Oisf-users] Logging full sessions and HTTP logs concurrently

Victor Julien lists at inliniac.net
Thu Sep 19 07:33:51 UTC 2013



On 09/19/2013 09:07 AM, Edward Fjellskål wrote:
> https://redmine.openinfosecfoundation.org/issues/120
> 
> Snort would be able to do this like:
> 
> alert tcp 85.19.221.54 any <> $HOME_NET any (msg:"GL Log Packet
> Evil-IP 85.19.221.54 (gamelinux.org)";
> flags:S; tag:session,1000,bytes,100,seconds,0,packets;
> classtype:trojan-activity; sid:201102011; rev:1;)

We support this tagging as well, never really benched it.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



