Snort mailing list archives

Re: Log all traffic?

From: Mark.Schutzmann () Omron com
Date: Wed, 5 Nov 2003 17:54:14 -0600


"log tcp any any -> any any" and "log udp any any -> any any" are the most
basic... (pg. 157 of Syngress, Snort 2.0 Intrusion Detection) I would be
interested in the front end/query that you're using.

Regards,
Mark


                                                                                                                        
                          
                      nick travis                                                                                       
                          
                      <linuxnews () wormfishin com>          To:       snort-users () lists sourceforge net             
                                
                      Sent by:                            cc:                                                           
                          
                      snort-users-admin () lists sour        Subject:  [Snort-users] Log all traffic?                   
                             
                      ceforge.net                                                                                       
                          
                                                                                                                        
                          
                                                                                                                        
                          
                      11/05/2003 02:47 PM                                                                               
                          
                                                                                                                        
                          
                                                                                                                        
                          






Is there a rule for snort to log all network traffic.  I need to dump it
all into a database and query it for bandwidth usage by certain hosts.

Nick



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
If you have any questions please contact nick () precisionmillworks com
Mailscanner thanks transtec Computers for their support.



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users







-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Log all traffic? nick travis (Nov 05)
- Re: Log all traffic? Mark Nipper (Nov 05)
  - Re: Log all traffic? Matt Kettler (Nov 05)
    - Re: Log all traffic? jon baer (Nov 05)
    - Re: Log all traffic? Sp0oKeR Labs (Nov 06)
- Re: Log all traffic? Matt Kettler (Nov 05)
- Who doesn't care about virus rules, and why? kenw (Nov 05)
- <Possible follow-ups>
- Re: Log all traffic? Mark . Schutzmann (Nov 05)