Snort mailing list archives
Session logging
From: "Andy S Shrock" <Andy.S.Shrock () usa dupont com>
Date: Thu, 11 Sep 2003 16:54:21 -0400
I would like to log ~10 seconds of session data for every alert generated, for forensic use. I would like the data logged in snort unified format so I can use barnyard to dump it to mysql, and use acid to review all the data in one place.

Is there a better way to do this than adding a tag to every rule? If I go to the trouble of tagging all rules what should I do about updating my ruleset?

Any ideas and comments are welcome.

Thanks,
Andy Shrock
DuPont AFS
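One way to handle the ruleset-update concern raised in the message, as an added example that is not part of the original post: a filter that appends Snort's `tag` option to every `alert` rule that lacks one, so it can be re-run on each freshly downloaded ruleset. The function names and the sample rules are hypothetical and constructed for illustration.

```python
import re
import sys

TAG = "tag:session,10,seconds;"  # log the session for 10 seconds after the alert
# "tag:" as its own option, i.e. right after "(" or an unescaped ";"
HAS_TAG = re.compile(r"(?:\(|(?<!\\);)\s*tag\s*:")
RULE_END = re.compile(r"\)\s*$")

# Constructed sample rules (not from any real ruleset).
SAMPLE = r"""# local.rules (constructed)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed web rule"; content:"/x"; sid:1000001; rev:1;)
alert tcp any any -> any 21 (msg:"already tagged"; tag:host,300,seconds,src; sid:1000002;)
log udp any any -> any 53 (msg:"log only"; sid:1000003;)
alert icmp any any -> any any (msg:"multi-line"; \
    itype:8; sid:1000004;)
"""

def tag_one(rule, tag=TAG):
    """Append `tag` to one logical rule; leave everything else untouched."""
    parts = rule.split(None, 1)
    if not parts or parts[0] != "alert":     # comments, blanks, log/pass rules
        return rule
    end = RULE_END.search(rule)
    if HAS_TAG.search(rule) or end is None:  # keep hand-set tags; skip option-less rules
        return rule
    head = rule[:end.start()].rstrip()
    if not head.endswith((";", "(")):
        head += ";"
    return f"{head} {tag})"

def tag_rules(text, tag=TAG):
    """Tag every alert rule in a rules file, honouring backslash continuations."""
    out, pending = [], []
    for line in text.splitlines():
        pending.append(line)
        if line.rstrip().endswith("\\"):
            continue                         # rule continues on the next line
        out.append(tag_one("\n".join(pending), tag))
        pending = []
    out.extend(pending)                      # dangling continuation at end of file
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # Usage: python tag_rules.py downloaded.rules > tagged.rules
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    sys.stdout.write(tag_rules(src))
```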