Snort mailing list archives
Re: snort and proxy
From: Michael Boman <michael.boman () securecirt com>
Date: Fri, 07 Nov 2003 16:29:57 +0800
On Fri, 2003-11-07 at 16:59, nosnos wrote:
Hi, I want to know if snort can store the ip of a destination if snort is bewind a proxy. For the moment, my snort can't see the destination because all request has the proxy's IP .... :( Is there a way to solve this problem ? Moreover, i want snort to list all the URL that my network attemp to reach. For example I have 3 pc connected and I want that snort make the followig list (in a database if possible) (an example) : - IP src URL 10.150.1.20 (pc IP 1) www.linux.org 10.150.1.20 (pc IP 1) www.snort.org 10.150.1.20 (pc IP 1) www.amazon.com .... PS : i don't the IP dest because, an IP can be assigned for many site .... thx a lot
I suggest that you should use your proxy server's logs to correlate the event(s). Snort is not the right tool for this job. Best regards Michael Boman -- Michael Boman Security Architect, SecureCiRT Pte Ltd http://www.securecirt.com
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- snort and proxy nosnos (Nov 07)
- Re: snort and proxy Michael Boman (Nov 07)
- Re: snort and proxy Sp0oKeR Labs (Nov 07)
- Re: snort and proxy Michael Boman (Nov 07)