RE: Snort URL logging

[ALMEIDA Antonio Jose <ajalmeida () novis pt>]

In my case it's not a waste of time, maybe it's a chalenge. I want to dump
all urls from one host with trinux. I want to send the urls by syslog to
another server. The new urlsnarf version could do that but the one with
trinux doesn't supports filters.

-----Original Message-----
From: Erek Adams [mailto:erek () snort org]
Sent: terça-feira, 14 de Janeiro de 2003 14:30
To: ALMEIDA Antonio Jose
Cc: 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Snort URL logging


On Tue, 14 Jan 2003, ALMEIDA Antonio Jose wrote:

> But with urlsnarf i can't filter the source ip, and i really need that.
It's
> impossible to do this with Snort?

Impossible?  No.  Waste of time?  Yes.

Use Snort or Tcpdump to snag all traffic, and use a BPF filter to exclude
what you want.  Then replay that file into urlsnarf.

And just a handy little tip:  Never ask your boss why he was surfing
http://www.flashyourrack.com/ .  That would be a careerlimiting move.  ;-)

-----
Erek Adams

   "When things get weird, the wierd turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.NET email is sponsored by: Take your first step towards giving
your online business a competitive advantage. Test-drive a Thawte SSL
certificate - our easy online guide will show you how. Click here to get
started: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users