Snort mailing list archives
Re: Using snort to monitor traffic
From: "CS Lee" <geek00l () gmail com>
Date: Tue, 1 May 2007 16:11:05 +0800
Hey Frank,

Go argus, as it is a better standalone application that gives you network flow information; sancp is more powerful if you use it together with sguil. By the way, both work pretty well on the freebsd platform.

Have fun

On 5/1/07, Will Metcalf <william.metcalf () gmail com> wrote:

> I would suggest that you look at SANCP or Argus
>
> http://www.metre.net/sancp.html
> http://qosient.com/argus/flow.htm
>
> I also suggest that you pick up one of Richard Bejtlich's books if you don't think that you need full packet captures. You can always generate stats and flow data from full pcaps.
>
> Regards,
>
> Will
>
> On 4/30/07, Frank <frank () korcett com> wrote:
> >
> > i have snort inline (freebsd, ipfw, postgres logging) set up on my router
> > to watch HTTP traffic. i would like to log in such a way that i can
> > determine the last time any IP sent HTTP. i don't want to log any content,
> > i just need the timestamps. i would prefer not to have to inspect the
> > content or to log every HTTP packet.
> >
> > does snort seem like the proper tool for this job? i was going to use
> > squid, but that seemed like overkill as just a transparent, non-caching
> > proxy that logs to a flat file.
> >
> > thanks,
> > frank

--
Best Regards,

CS Lee<geekooL[at]gmail.com>
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
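An added example, not part of the thread: the point quoted above that flow-style data can be generated from full pcaps, applied to the original question (last time each IP sent HTTP, timestamps only, no content). It assumes a classic little-endian libpcap file with Ethernet framing and IPv4, and treats TCP destination port 80 as HTTP; `last_http_seen`, `make_record` and the capture bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

HTTP_PORT = 80  # assumption: HTTP is identified by TCP destination port only

def last_http_seen(pcap):
    """Map source IP -> epoch seconds of its latest packet to TCP/80 (headers only)."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap file")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    seen, off = {}, 24
    while off + 16 <= len(pcap):
        ts_sec, _usec, incl_len, _orig = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len:
            break  # capture file cut off mid-record
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # too short for Ethernet + IPv4, or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        frag = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
        if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6 or frag:
            continue  # bad IP header, not TCP, or a non-first fragment
        if len(frame) < 14 + ihl + 4:
            continue  # snaplen cut off the TCP ports
        dport = struct.unpack_from("!H", frame, 14 + ihl + 2)[0]
        if dport == HTTP_PORT:
            src = ".".join(map(str, frame[26:30]))
            seen[src] = max(seen.get(src, 0), ts_sec)  # payload is never read
    return seen

def make_record(ts, src, dst, dport, payload=b""):
    """Build one constructed pcap record: Ethernet + IPv4 + TCP headers."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

# Constructed capture (not from the thread): two clients, RFC 5737 addresses.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    make_record(1177900000, "192.0.2.10", "198.51.100.5", 80, b"GET / HTTP/1.0\r\n\r\n"),
    make_record(1177900050, "192.0.2.20", "198.51.100.5", 80),
    make_record(1177900200, "192.0.2.10", "198.51.100.5", 22),  # SSH: ignored
    make_record(1177900100, "192.0.2.10", "198.51.100.5", 80),  # out-of-order timestamp
])

if __name__ == "__main__":
    for ip, ts in sorted(last_http_seen(SAMPLE).items()):
        print(ip, datetime.fromtimestamp(ts, timezone.utc).isoformat())
```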
Current thread:
- Using snort to monitor traffic Frank (Apr 30)
- Re: Using snort to monitor traffic Will Metcalf (Apr 30)
- Re: Using snort to monitor traffic CS Lee (May 01)