Re: [Snort-users] snort and squid

Add 3128 to HTTP_PORTS in your snort.conf. All of your HTTP rules
will be looking on port 80 and the traffic to thw proxy is on 3128.

PaulM


On 1/17/08, Helmut Schneider <jumper99@gmx.de> wrote:
> Hi,
>
> I'm using snort 2.7 on two machines, one at a hub next to the router and the
> firewall and since yesterday a second sensor on my proxy (squid). All
> web-traffic must go through the proxy.
> The first sensor gives information about e.g. that one uses google desktop
> but does not say which client (of course, as source is the proxy). So I
> installed snort as a second sensor on the proxy but without success. The
> alerts the first sensors finds are not found on the second sensor (the squid
> protocol might differ from HTTP).
>
> Is there a way to configure snort to reveal which exact client "breaks"
> policies?
>
> Thanks, Helmut
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...st=snort-users
>

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users