Snort mailing list archives

[output] Log application data into the database


From: "Emmanuel Dardaine" <emmanuel.dardaine () smart-telecom ch>
Date: Mon, 31 Mar 2003 13:47:45 +0200

Hi there,

As an ISP, we'll soon be forced to log all Radius, SMTP, POP3, IMAP and DHCP
headers on our network for 6 months.

We have installed Snort successfully (that tool is really wonderful), but
now, I would like to know how to proceed to extract the interesting data:
- we have written the appropriate rules for each protocol
- we're logging into a Postgres database
- we don't know how to proceed to extract only "from" and "to" information
from a complete email for example.
Indeed, we don't want to log a complete TCP handshake or a complete 10MB
mail (for example) when only the "from" and "to" information is needed.

Who has ever performed this kind of logging with Snort?

Thanks for your help.

Regards,
Emmanuel


Emmanuel Dardaine - Operation Manager
VTX Services SA
Avenue de Lavaux, 101
1009 Pully - Switzerland
http://www.vtx.ch/



