Snort mailing list archives
Re: host attribute table - feature request
From: Matt Olney <molney () sourcefire com>
Date: Mon, 22 Mar 2010 16:27:01 -0400
In 2.8.6rc1, at least I get the following:
===============================================================================
Attribute Table Stats:
Number Entries: 1
Table Reloaded: 0
===============================================================================
In the Snort output. Is that sufficient? I'll put a feature request bug
in, but I'm just making sure this isn't what you are looking for,
Matt
On Mon, Mar 22, 2010 at 4:15 PM, Crook, Parker <Parker_Crook () reyrey com>wrote:
Thanks Joel, I appreciate it. -Parker ------------------------------ *From:* Joel Esler [mailto:joel.esler () me com] *Sent:* Monday, March 22, 2010 2:55 PM *To:* Crook, Parker *Cc:* snort-users () lists sourceforge net List; snort-devel-request () lists sourceforge net *Subject:* Re: [Snort-users] host attribute table - feature request Parker, I've cc'ed the snort-devel list. I'm not aware if the developers are on the snort-users list. J On Mar 22, 2010, at 1:35 PM, Crook, Parker wrote: After speaking with Andy about getting hogger to create the host attribute table, he asked how he would know if Snort successfully slurped up the attribute file. I did some checking on my installation and went through the logs and noticed there is not any sort of indication of whether or not Snort is using a host attribute table. Would it be possible to add this feature so that we can receive confirmation that we are or are not using the host attribute feature? (similar to the message on PCAP frames) -- Joel Esler http://blog.joelesler.net ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- host attribute table - feature request Crook, Parker (Mar 22)
- Re: host attribute table - feature request Joel Esler (Mar 22)
- Fwd: [Snort-users] host attribute table - feature request Joel Esler (Mar 22)
- Re: host attribute table - feature request Crook, Parker (Mar 22)
- Re: host attribute table - feature request Matt Olney (Mar 22)
- Re: host attribute table - feature request Crook, Parker (Mar 22)
- Re: host attribute table - feature request Ryan Jordan (Mar 22)
- Re: host attribute table - feature request Crook, Parker (Mar 22)
- Re: host attribute table - feature request Matt Olney (Mar 22)
- Re: host attribute table - feature request Joel Esler (Mar 22)
- Re: host attribute table - feature request Joel Esler (Mar 22)