[Oisf-users] Is there any possible Suricata could support OpenAppId?

Liao Zhuodi liao_zd at foxmail.com
Fri Jan 30 09:29:44 UTC 2015


Suricata supports Lua scripts, and OpenAppID is actually functions in Lua, like this:

function DetectorInit(detectorInstance)
    gDetector = detectorInstance
    gDetector:addAppUrl(0, 0, 0, 52, 13, "msn.com", "/", "http:", "", 308)
    return gDetector
end

And the best part about OpenAppID is that it can generate app statistics. Does Suricata have a similar function?

#> u2openappid /var/log/snort/appstats-u2.log.1393807981
statTime="1393807860",appName="chrome",txBytes="6043",rxBytes="111267"
statTime="1393807860",appName="dns",txBytes="8708",rxBytes="38103"

OpenAppID: http://blog.snort.org/2014/03/firing-up-openappid.html

Liao
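
Added example (not part of the original message, and not Snort or Suricata code): parsing the u2openappid key="value" records quoted above and totalling bytes per application, skipping malformed lines. The field layout is assumed from the two records in the message; the last two sample lines are constructed.

```python
import re
from collections import defaultdict

# Matches key="value" pairs as they appear in the u2openappid output quoted above.
PAIR_RE = re.compile(r'(\w+)="([^"]*)"')

# Sample input: the two records from the message plus two constructed ones
# (the last is deliberately malformed).
SAMPLE = '''\
statTime="1393807860",appName="chrome",txBytes="6043",rxBytes="111267"
statTime="1393807860",appName="dns",txBytes="8708",rxBytes="38103"
statTime="1393808160",appName="chrome",txBytes="1000",rxBytes="2000"
statTime="1393808160",appName="dns",txBytes="oops",rxBytes="1"
'''

def parse_record(line):
    """Return a dict for one record, or None if a field is missing or non-numeric."""
    fields = dict(PAIR_RE.findall(line))
    try:
        return {
            "time": int(fields["statTime"]),
            "app": fields["appName"],
            "tx": int(fields["txBytes"]),
            "rx": int(fields["rxBytes"]),
        }
    except (KeyError, ValueError):
        return None

def aggregate(text):
    """Sum tx/rx bytes per application; return (totals, skipped_line_count)."""
    totals = defaultdict(lambda: {"tx": 0, "rx": 0, "intervals": 0})
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec is None:
            skipped += 1
            continue
        t = totals[rec["app"]]
        t["tx"] += rec["tx"]
        t["rx"] += rec["rx"]
        t["intervals"] += 1
    return dict(totals), skipped

if __name__ == "__main__":
    totals, skipped = aggregate(SAMPLE)
    for app, t in sorted(totals.items(), key=lambda kv: -(kv[1]["tx"] + kv[1]["rx"])):
        print(f'{app:10} tx={t["tx"]:>8} rx={t["rx"]:>8} intervals={t["intervals"]}')
    print(f"skipped {skipped} malformed line(s)")
```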

