Snort mailing list archives

format of logs


From: Serge Leschinsky <fish () artlife tomsknet ru>
Date: Fri, 18 Oct 2002 12:02:58 +0700

Dear colleagues.

In 1.8.7 I have logs like the following:
[**] FTP EXPLOIT CWD overflow [**]
10/14-10:45:41.167403 212.91.214.124:1127 -> 217.18.136.66:21
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:174
***AP*** Seq: 0xDB2DDDA2  Ack: 0xD9260  Win: 0x7FB8  TcpLen: 20
55 53 45 52 20 61 6E 6F 6E 79 6D 6F 75 73 0D 0A  USER anonymous..
50 41 53 53 20 49 45 55 73 65 72 40 0D 0A 66 65  PASS IEUser@..fe
61 74 0D 0A 73 79 73 74 0D 0A 50 57 44 0D 0A 43  at..syst..PWD..C
57 44 20 2F 64 69 73 74 72 69 62 75 74 6F 72 73  WD /distributors
2F 0D 0A 54 59 50 45 20 41 0D 0A 50 4F 52 54 20  /..TYPE A..PORT
32 31 32 2C 39 31 2C 32 31 34 2C 31 32 34 2C 34  212,91,214,124,4
2C 31 30 34 0D 0A 4C 49 53 54 0D 0A 43 57 44 20  ,104..LIST..CWD
2F 64 69 73 74 72 69 62 75 74 6F 72 73 2F 53 6B  /distributors/Sk
6C 61 64 2F 0D 0A                                lad/..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

but in 1.9.0 the logs are less informative (for me):
[**] ATTACK RESPONSES id check returned root [**]
10/18-10:02:21.464079 205.206.231.10:80 -> 217.18.136.93:1282
TCP TTL:37 TOS:0x0 ID:37754 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x3BCD07EE  Ack: 0x2E4CE9AC  Win: 0x7C70  TcpLen: 32
TCP Options (3) =>> NOP NOP TS: 111685230 293611174
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Can I do something to get the same logs in 1.9.0 as in 1.8.x?

-- 
Yours sincerely
      Serge Leschinsky          mailto:fish () artlife tomsknet ru          

Please visit this link:  http://rotter.net/israel
