Snort mailing list archives
Log HTTP Payload to MYSQL
From: ahmed adel <ahmedadel4eg () yahoo com>
Date: Sat, 10 Jan 2009 16:23:34 -0800 (PST)
Hi,

I want to log HTTP packet data using snort. Till now I have succeeded in logging the HTTP packet payload only for the URI part, but I haven't been able to do the same for the response. I have the following two rules:

log tcp any 80 -> any any (msg: "HTTP Packet Server to Host"; sid: 1;)
log tcp any any -> any 80 (msg: "HTTP Packet Host to Server"; sid: 2;)

I am logging to a mysql database and the BASE interface, but what I get in the interface is alerts when packets are sent from the server to the host, i.e. from port 80 to any port, and no payload, and for any POST or GET request from the host I get the payload.

What I need is to inspect all the traffic between the host and the server using snort based on the rules.

Best Regards
Ahmed Adel
Current thread:
- Log HTTP Payload to MYSQL ahmed adel (Jan 10)
- Re: Log HTTP Payload to MYSQL Joel Esler (Jan 11)