This is a discussion on [Snort-users] TCP Session logging with ACID within the Snort forums, part of the System Security and Security Related category.
Hi -

I'm trying to get a feel for the difference between using the stream pre-processor and the TAG: session keywords in a rule.

If I want to log every telnet session and view each one as an alert within ACID, would I have to set a rule with content so that the pre-processor picks it up?

If I use TAG however, will this generate an alert for each packet tagged?

I guess my question is when would you use TAG vs. just relying on the stream preprocessor, and how would a TAGged session appear in ACID?

Thanks!
B
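As an added illustration of the two approaches the post contrasts (these rules are not from the original message or from the Snort project; they assume Snort 2.x rule syntax, the standard $HOME_NET/$EXTERNAL_NET variables, and sid numbers in the local range chosen here for illustration):

```snort
# Rule 1: session tagging.
# Fires once on the client's SYN to port 23 and then, via tag:session,
# logs the following 100 packets of that same session in both directions
# without needing any further rule match. The follow-on packets are
# logged as tagged packets tied to this rule, not as independent matches.
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"TELNET session start (tagged)"; flags:S; tag:session,100,packets; classtype:not-suspicious; sid:1000001; rev:1;)

# Rule 2: content match on reassembled stream data.
# Relies on the stream preprocessor (enabled in snort.conf) to reassemble
# the server's output so "login:" is found even if it spans segments.
# This rule fires on every packet that matches, so it alerts repeatedly
# rather than following the whole session.
alert tcp $HOME_NET 23 -> $EXTERNAL_NET any (msg:"TELNET login prompt"; flow:to_client,established; content:"login:"; nocase; classtype:not-suspicious; sid:1000002; rev:1;)
```

The difference to watch when reviewing output is that rule 1 produces one triggering event plus a run of tagged packets, while rule 2 produces a separate event for each matching packet; the count and metric on tag:session (packets, seconds or bytes) bound how much of the session is captured after the trigger.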