Snort mailing list archives
http_client_data and logging
From: Eoin Miller <eoin.miller () trojanedbinaries com>
Date: Wed, 25 May 2011 22:59:24 +0000
It appears that if you write rules to log on contents within http_client_data, then the payload that gets written the first frame with payload in it in the stream. This often is not the packet that actually contains the content of http_client_data. Anyone else noticing this and was this done by design for some reason? -- Eoin ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- http_client_data and logging Eoin Miller (May 25)
- Re: http_client_data and logging James Lay (May 25)
- Re: http_client_data and logging Eoin Miller (May 26)
- Re: http_client_data and logging Joel Esler (May 26)
- Re: http_client_data and logging Eoin Miller (May 26)
- Re: http_client_data and logging Joel Esler (May 26)
- Re: http_client_data and logging Eoin Miller (May 26)
- Re: http_client_data and logging Joel Esler (May 26)
- Re: http_client_data and logging beenph (May 26)
- Re: http_client_data and logging Edward Fjellskål (May 26)
- Re: http_client_data and logging Eoin Miller (May 26)
- Re: http_client_data and logging James Lay (May 25)
- Re: http_client_data and logging Lay, James (May 26)