[Oisf-users] Logging full sessions and HTTP logs concurrently

Edward Fjellskål edwardfjellskaal at gmail.com
Thu Sep 19 09:24:28 UTC 2013


I googled but did not find any docs about it... I saw some hits in the
source code, but did not dig into them.

This is a great feature to have though, and I guess one can use this for a
fairly good packet capture and might satisfy the initial request?

E


On Thu, Sep 19, 2013 at 9:33 AM, Victor Julien <lists at inliniac.net> wrote:

> On 09/19/2013 09:07 AM, Edward Fjellskål wrote:
> > https://redmine.openinfosecfoundation.org/issues/120
> >
> > Snort would be able to do this like:
> >
> > alert tcp 85.19.221.54 any <> $HOME_NET any (msg:"GL Log Packet
> > Evil-IP 85.19.221.54 (gamelinux.org)";
> > flags:S; tag:session,1000,bytes,100,seconds,0,packets;
> > classtype:trojan-activity; sid:201102011; rev:1;)
>
> We support this tagging as well, never really benched it.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
>



-- 
Edward Bjarte Fjellskål
Senior Security Analyst
http://www.gamelinux.org/