Snort mailing list archives

Re: Using snort to monitor traffic


From: "Will Metcalf" <william.metcalf () gmail com>
Date: Mon, 30 Apr 2007 19:27:59 -0500

I would suggest that you look at SANCP or Argus

http://www.metre.net/sancp.html
http://qosient.com/argus/flow.htm

I also suggest that you pick up one of Richard Bejtlich's books if you don't
think that you need full packet captures.  You can always generate stats and
flow data from full pcaps.

Regards,

Will

On 4/30/07, Frank <frank () korcett com> wrote:

i have snort inline (freebsd, ipfw, postgres logging) set up on my router
to watch HTTP traffic. i would like to log in such a way that i can
determine the last time any IP sent HTTP. i don't want to log any content,
i just need the timestamps. i would prefer not to have to inspect the
content or to log every HTTP packet.

does snort seem like the proper tool for this job? i was going to use
squid, but that seemed like overkill as just a transparent, non-caching
proxy that logs to a flat file.

thanks,
frank

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
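
Added example, not part of the original thread and not code from Snort, SANCP or Argus: one way to derive the per-IP "last sent HTTP" timestamp Frank asks about from a packet capture, reading only headers so no content is inspected or stored. It assumes a classic libpcap file with Ethernet framing and treats "HTTP" as TCP to destination port 80; the function names and the sample capture are constructed for illustration.

```python
import socket
import struct

def last_http_seen(pcap_bytes, port=80):
    """Map each IPv4 source to the last epoch second it sent TCP to `port`."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    last, off = {}, 24
    while off + 16 <= len(pcap_bytes):
        ts_sec, _, caplen, _ = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Untagged IPv4 only; VLAN-tagged and IPv6 frames are skipped.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = 14 + (frame[14] & 0x0F) * 4      # IP header length varies
        if len(frame) < tcp + 4:
            continue
        if struct.unpack("!H", frame[tcp + 2:tcp + 4])[0] == port:
            src = socket.inet_ntoa(frame[26:30])
            last[src] = max(last.get(src, 0), ts_sec)
    return last

def build_sample():
    """Constructed capture: four header-only TCP packets, no payload."""
    def frame(src, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton("192.0.2.80"))
        tcp = struct.pack("!HHIIHHHH", 40000, dport, 0, 0, 0x5002, 8192, 0, 0)
        return b"\x00" * 12 + b"\x08\x00" + ip + tcp
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [(1177979000, "10.0.0.5", 80), (1177979100, "10.0.0.6", 80),
               (1177979200, "10.0.0.5", 80), (1177979300, "10.0.0.6", 22)]
    for ts, src, dport in packets:
        f = frame(src, dport)
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for ip, ts in sorted(last_http_seen(build_sample()).items()):
        print(ip, ts)
```

Because only the Ethernet, IP and TCP headers are read, the same function works on captures taken with a short snap length that never stored payload bytes.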
