This is a discussion on Re: [Snort-users] Using snort to monitor traffic within the Snort forums, part of the System Security and Security Related category.
I would suggest that you look at SANCP or Argus:

http://www.metre.net/sancp.html
http://qosient.com/argus/flow.htm

I also suggest that you pick up one of Richard Bejtlich's books if you don't think that you need full packet captures. You can always generate stats and flow data from full pcaps.

Regards,

Will

On 4/30/07, Frank <frank@korcett.com> wrote:

> I have snort inline (freebsd, ipfw, postgres logging) set up on my router
> to watch HTTP traffic. I would like to log in such a way that I can
> determine the last time any IP sent HTTP. I don't want to log any content,
> I just need the timestamps. I would prefer not to have to inspect the
> content or to log every HTTP packet.
>
> Does snort seem like the proper tool for this job? I was going to use
> squid, but that seemed like overkill as just a transparent, non-caching
> proxy that logs to a flat file.
>
> Thanks,
> Frank
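A worked example of the flow-based approach Will describes, answering Frank's actual question ("the last time any IP sent HTTP") without touching packet content. This is added here and is not code from the thread, from SANCP or from Argus; it assumes the flow tool's output has already been exported to a simple CSV with the columns start_time (epoch seconds), src_ip, dst_ip, dst_port and proto, and the sample records below are constructed for illustration. Because it works on flow records rather than packets, it answers the question for any port set, not just port 80, and it copes with records arriving out of time order.

```python
"""Last-seen HTTP timestamp per source IP, computed from flow records.

Added example, not part of the Snort-users thread and not the native
output format of SANCP or Argus. Assumed CSV layout (an assumption):
    start_time,src_ip,dst_ip,dst_port,proto
"""
import csv
import io
from datetime import datetime, timezone

# Constructed sample flow records; deliberately not in time order.
SAMPLE_FLOWS = """\
start_time,src_ip,dst_ip,dst_port,proto
1177979000,192.0.2.10,198.51.100.5,80,tcp
1177979120,192.0.2.11,198.51.100.5,443,tcp
1177979200,192.0.2.10,198.51.100.7,80,tcp
1177979300,192.0.2.12,198.51.100.5,80,udp
1177979400,192.0.2.11,198.51.100.9,80,tcp
1177979250,192.0.2.10,198.51.100.5,8080,tcp
"""

# Ports treated as "HTTP" for this report; adjust to the environment.
HTTP_PORTS = {80, 8080}


def last_http_seen(flow_csv, http_ports=HTTP_PORTS):
    """Return {src_ip: epoch_seconds} giving the latest TCP flow each source
    started towards an HTTP port. Non-TCP rows and other ports are ignored,
    and a later-dated row always wins regardless of input order."""
    last = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "tcp":
            continue
        if int(row["dst_port"]) not in http_ports:
            continue
        ts = int(row["start_time"])
        ip = row["src_ip"]
        if ts > last.get(ip, -1):
            last[ip] = ts
    return last


def format_report(last_seen):
    """Render the result as 'ip<TAB>ISO-8601 UTC time', most recent first."""
    lines = []
    for ip, ts in sorted(last_seen.items(), key=lambda kv: kv[1], reverse=True):
        when = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
        lines.append(f"{ip}\t{when}")
    return lines


if __name__ == "__main__":
    for line in format_report(last_http_seen(SAMPLE_FLOWS)):
        print(line)
```

The report uses the flow start time, which is the moment the client first sent something; if "last time it sent HTTP" should instead mean the moment the connection closed, export the flow end time in the same column and the logic is unchanged. Keeping only one timestamp per source IP is also what makes this far cheaper to store than logging every HTTP packet, which is the cost Frank wanted to avoid.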