Snort mailing list archives
Re: Publishing http attributes
From: "Seshaiah Erugu (serugu)" <serugu () cisco com>
Date: Tue, 28 Jun 2016 10:46:56 +0000
Hi Akhil, You can add this data ( Host name, version and Method ) to HttpSessionData and populate while logging the packet. Refer xff code for populating extra data. Thanks, Seshaiah Erugu. From: Akhil Koul [mailto:akhil.koul8 () gmail com] Sent: Tuesday, June 28, 2016 2:56 PM To: snort-devel () lists sourceforge net Subject: [Snort-devel] Publishing http attributes Hello For a project I am working on, I would like to publish http host, version and method so that it is available to subscribers. Currently, only http_raw_uri is published which is subscribed and logged by data_log inspector. I would like the data_log inspector to be able to subscribe to above attributes(or maybe a new inspector which can subscribe to and handle several http attributes). How do I do this? Any help will be appreciated. Thanks Akhil
------------------------------------------------------------------------------ Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Publishing http attributes Akhil Koul (Jun 28)
- Re: Publishing http attributes Seshaiah Erugu (serugu) (Jun 28)
- Re: Publishing http attributes Russ (Jun 28)