Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: DNS Query Logging?

From: Steve Frank <sfrank () midcom-inc com>
Date: Thu, 10 May 2001 16:22:05 -0500
Isn't that logged in most default DNS installations anyway?  My NSTATS are
configured to pop into my syslog all the time--you should be able to see all
your query types there--or are you looking for something more specific than
that, Jeff?

Steve Frank
Network Manager
Midcom, Inc.


-----Original Message-----
From: Richard, Jeff [mailto:Jeff-Richard () forum-financial com]
Sent: Thursday, May 10, 2001 3:48 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] DNS Query Logging?


I hope someone can give a hand on this.  I need to get a count of how many
DNS queries my DNS servers are receiving.  What should a rule for DNS
queries look like?  I'm not failure with DNS traffic, but realize that UDP
53, is the protocol/port, just not sure of any signature(s).

-Jeff

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: