Re: HTTP reassembly problem

[Russ Combs <rcombs () sourcefire com>]

A bug was opened to track this.  Not too sure that it will get targeted,
but I like the idea.  And it would save some disk too.

On Thu, Oct 11, 2012 at 4:59 AM, João Lima <
joao.pedro.paulino.lima () gmail com> wrote:

> Yes it was really that option I was looking for...
>
> It's a shame that it's not possible to configure the output to store the
> reassembled packets.
>
> I think it would be a nice and quite useful feature to have in a future
> release. Is it possible to submit this as a feature request??
>
> João Lima
>
>
> 2012/10/10 Russ Combs <rcombs () sourcefire com>
>
> > On Wed, Oct 10, 2012 at 4:41 PM, waldo kitty <wkitty42 () windstream net>wrote:
> >
> > > On 10/10/2012 12:28, Russ Combs wrote:
> > > [...]
> > > > You can also add show_rebuilt_packets to stream5_global and use with
> > > -A cmg to
> > > > see reassembled packets so you know how to tweak your rule.
> > >
> > > i'll bet that this is the option that João Lima is looking for...
> > >
> > > 1. will this also cause them to be logged in the file(s)??
> >
> > No.  This is strictly for debugging rules, etc.
> >
> >
> > > 2. what version of snort did this option first appear in?
> >
> > Not sure, but it was long ago and far away.
> >
> > > ------------------------------------------------------------------------------
> > > Don't let slow site performance ruin your business. Deploy New Relic APM
> > > Deploy New Relic app performance management and know exactly
> > > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > > http://p.sf.net/sfu/newrelic-dev2dev
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest
> > > Snort news!
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Don't let slow site performance ruin your business. Deploy New Relic APM
> > Deploy New Relic app performance management and know exactly
> > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > http://p.sf.net/sfu/newrelic-dev2dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!