Snort mailing list archives
logging entire sessions
From: Avleen Vig <avleen () ivision co uk>
Date: Wed, 22 Aug 2001 00:48:01 +0100 (BST)
Anyone know if this feature is available in Snort? I've been playing around with 1.8.1 a bit and not as much as I should have :) but I've not seen anything like the following. If indeed it's not available, I'd like to suggest it as a feature for <put version here>.

When an alert of type x is triggered, I can consider it minor and ignore the one-off. Or type x could be traffic I see daily but don't want to remove from my logs. We'll call type x 'non-hostile'.

Then there is type y. When I see packets of type y, I don't just want to log them but I want to tcpdump the entire session with the offending src for the next z minutes.

I would think this is a semi-obvious thing.. someone is attacking your network, so you capture all their traffic! Is this possible?

--
Avleen Vig, Systems Administrator
Email: avleen () ivision co uk
Mobile: (07974) 100 573
Internet Vision
Tel: 020 7589 4500
Fax: 020 7589 4522
60 Albert Court, Prince Consort Road, London. SW7 2BE
info () ivision co uk
http://www.ivision.co.uk/
Current thread:
- logging entire sessions Avleen Vig (Aug 21)
- Re: logging entire sessions Chris Green (Aug 21)
- <Possible follow-ups>
- Re: logging entire sessions Erek Adams (Aug 21)
- RE: logging entire sessions gary . smith (Aug 22)