Snort mailing list archives
Re: Snort++ data_log file empty
From: Russ <rucombs () cisco com>
Date: Sun, 18 Sep 2016 14:09:54 -0400
You need to use the old HTTP inspector until the new one, which is now the default, is updated to publish inspection events. To use the old one, change "http_inspect = { }" to "http_server = { }". That is in the extras so your --plugin-path will pick it up.
On 9/18/16 1:17 PM, secres () linuxmail org wrote:
I've been trying to get the data_log module to work but I haven't had any success. Below are the command line options, as well as having data_log = { key = 'http_raw_uri' } in the snort.lua file. I've tried it with different pcaps and with attaching it to an interface to sniff while browsing the web. The data.log file is created but it's always blank. The rest of the snort.lua is default from the installation.

$my_path/bin/snort -c $my_path/etc/snort/snort.lua -R $my_path/etc/snort/sample.rules -r http.cap --plugin-path $my_path/lib/snort_extra -l /opt/snort-3.0/log/ -A alert_ex

Thanks!
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
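For reference, the snort.lua change Russ describes, written out as an added example (not a snippet from the thread or from the Snort project itself). It assumes the default snort.lua layout, where each inspector is enabled by a top-level Lua table, and that the old inspector is loaded from the extras directory via --plugin-path exactly as in the original command line; the file path in the comment is an assumption.

```lua
-- Excerpt of an edited snort.lua (added example; path and layout assumed)

-- The new HTTP inspector is the default, but it does not yet publish the
-- inspection events that data_log subscribes to, so it is disabled here.
-- http_inspect = { }

-- The old inspector lives in the extras, so snort must be started with
-- --plugin-path pointing at the snort_extra directory for this to load.
http_server = { }

-- Log the raw URI of each HTTP request to data.log in the -l log directory.
data_log = { key = 'http_raw_uri' }
```

If data.log still stays empty after this change, a quick check is that snort reports http_server (not http_inspect) in its startup inspector list, which confirms the extras plugin was actually found and loaded.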
Current thread:
- Snort++ data_log file empty secres (Sep 18)
- Re: Snort++ data_log file empty Russ (Sep 18)