[Oisf-users] Is there any possible Suricata could support OpenAppId?

Michał Purzyński michalpurzynski1 at gmail.com
Fri Jan 30 10:16:20 UTC 2015


+1 to this idea, sounds interesting.

On Fri, Jan 30, 2015 at 10:29 AM, Liao Zhuodi <liao_zd at foxmail.com> wrote:
> Suricata supports Lua scripts, and OpenAppID is actually functions in Lua like this:
>
> function DetectorInit(detectorInstance)
>     gDetector = detectorInstance
>     gDetector:addAppUrl(0, 0, 0, 52, 13, "msn.com", "/", "http:", "", 308)
>     return gDetector
> end
>
> and the best part about OpenAppID is that it can generate app statistics. Does Suricata have a similar function?
> #> u2openappid /var/log/snort/appstats-u2.log.1393807981
> statTime="1393807860",appName="chrome",txBytes="6043",rxBytes="111267"
> statTime="1393807860",appName="dns",txBytes="8708",rxBytes="38103"
>
> OpenAppID: http://blog.snort.org/2014/03/firing-up-openappid.html
>
> Liao


