Snort mailing list archives
Re: host attribute table - feature request
From: "Crook, Parker" <Parker_Crook () reyrey com>
Date: Mon, 22 Mar 2010 16:52:09 -0400
Yeah... I was grepping with the wrong info, it's there in 2.8.5.3, depending on whether Snort is started, reloaded, or restarted, in one of the following formats: 1: Mar 22 16:38:46 SNORT2 snort[21698]: Attribute Table Loaded with 113 hosts 2: Mar 22 16:38:49 SNORT2 snort[21699]: Attribute Table Reload Thread Starting... Mar 22 16:38:49 SNORT2 snort[21699]: Attribute Table Reload Thread Started, thread 3059501968 (21699) 3: Mar 22 16:27:01 SNORT2 snort[19778]: =============================================================================== Mar 22 16:27:01 SNORT2 snort[19778]: Attribute Table Stats: Mar 22 16:27:01 SNORT2 snort[19778]: Number Entries: 113 Mar 22 16:27:01 SNORT2 snort[19778]: Table Reloaded: 0 Mar 22 16:27:01 SNORT2 snort[19778]: =============================================================================== Sorry for causing trouble, Parker -----Original Message----- From: Ryan Jordan [mailto:ryan.jordan () sourcefire com] Sent: Monday, March 22, 2010 4:45 PM To: Crook, Parker Cc: Matt Olney; snort-devel-request () lists sourceforge net; snort-users () lists sourceforge net List Subject: Re: [Snort-users] host attribute table - feature request If you're not seeing those stats, make sure you compiled Snort with --enable-targetbased. -Ryan On Mon, Mar 22, 2010 at 4:33 PM, Crook, Parker <Parker_Crook () reyrey com> wrote:
Matt, No that's great -- I thought I remembered seeing something like that in my lab at home, but thought I was losing it when I couldn't get it here in the production environment (it was a late night coding session after all). Thanks again, Parker ________________________________ From: Matt Olney [mailto:molney () sourcefire com] Sent: Monday, March 22, 2010 4:27 PM To: Crook, Parker Cc: Joel Esler; snort-devel-request () lists sourceforge net; snort-users () lists sourceforge net List Subject: Re: [Snort-users] host attribute table - feature request In 2.8.6rc1, at least I get the following: =============================================================================== Attribute Table Stats: Number Entries: 1 Table Reloaded: 0 =============================================================================== In the Snort output. Is that sufficient? I'll put a feature request bug in, but I'm just making sure this isn't what you are looking for, Matt On Mon, Mar 22, 2010 at 4:15 PM, Crook, Parker <Parker_Crook () reyrey com> wrote: Thanks Joel, I appreciate it. -Parker ________________________________ From: Joel Esler [mailto:joel.esler () me com] Sent: Monday, March 22, 2010 2:55 PM To: Crook, Parker Cc: snort-users () lists sourceforge net List; snort-devel-request () lists sourceforge net Subject: Re: [Snort-users] host attribute table - feature request Parker, I've cc'ed the snort-devel list. I'm not aware if the developers are on the snort-users list. J On Mar 22, 2010, at 1:35 PM, Crook, Parker wrote: After speaking with Andy about getting hogger to create the host attribute table, he asked how he would know if Snort successfully slurped up the attribute file. I did some checking on my installation and went through the logs and noticed there is not any sort of indication of whether or not Snort is using a host attribute table. Would it be possible to add this feature so that we can receive confirmation that we are or are not using the host attribute feature? (similar to the message on PCAP frames) -- Joel Esler http://blog.joelesler.net ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- host attribute table - feature request Crook, Parker (Mar 22)
- Re: host attribute table - feature request Joel Esler (Mar 22)
- Fwd: [Snort-users] host attribute table - feature request Joel Esler (Mar 22)
- Re: host attribute table - feature request Crook, Parker (Mar 22)
- Re: host attribute table - feature request Matt Olney (Mar 22)
- Re: host attribute table - feature request Crook, Parker (Mar 22)
- Re: host attribute table - feature request Ryan Jordan (Mar 22)
- Re: host attribute table - feature request Crook, Parker (Mar 22)
- Re: host attribute table - feature request Matt Olney (Mar 22)
- Re: host attribute table - feature request Joel Esler (Mar 22)
- Re: host attribute table - feature request Joel Esler (Mar 22)