Re: Protocol/Service/Source Bytes/Dest bytes needed

[Bamm Visscher <bamm () satx rr com>]

You can use the 'keepstats' option in stream4 (although this will only give you info for tcp streams).

<snip>
#   keepstats [machine|binary] - keep session statistics, add "machine" to 
#                         get them in a flat format for machine reading, add
#                         "binary" to get them in a unified binary output 
#                         format
</snip>

There is a patch available for stream4 w/sguil (http://www.satexas.com/~bamf/sguil/) that adds the option to write 
stats in a pipe delimated format every 'n' secs for easy loading into a DB.

Bammkkkk

On Wed, Apr 23, 2003 at 01:17:36PM -0300, Malcolm Rodgers wrote:
> Hi,
>
> I'd like to use snort to log the following information on a connection
> basis:
>
> protocol/service/src bytes/dest bytes and possibly time stamp
>
> So I could create a data file similar to the data set listed here on this
> KDD web page:
>
> http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
>
> specifically
>
> http://kdd.ics.uci.edu/databases/kddcup99/kddcup.data_10_percent.gz
>
> What will be the easiest way for me to do this?
>
> Thanks for any pointers:


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users