[Oisf-users] Logging full sessions and HTTP logs concurrently
    Victor Julien 
    lists at inliniac.net
       
    Thu Sep 19 09:13:45 UTC 2013
    
    
  
On 09/19/2013 09:33 AM, Victor Julien wrote:
> On 09/19/2013 09:07 AM, Edward Fjellskål wrote:
>> https://redmine.openinfosecfoundation.org/issues/120
> 
>> Snort would be able to do this like:
> 
>> alert tcp 85.19.221.54 any <> $HOME_NET any (msg:"GL Log Packet 
>> Evil-IP 85.19.221.54 (gamelinux.org)"; 
>> flags:S; tag:session,1000,bytes,100,seconds,0,packets; 
>> classtype:trojan-activity; sid:201102011; rev:1;)
> 
> We support this tagging as well, never really benched it.
Except that it is broken. Working on fixes :)
https://redmine.openinfosecfoundation.org/issues/968
https://redmine.openinfosecfoundation.org/issues/969
-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------