Snort mailing list archives

Re: Capture Email Content / Website Activity


From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Mon, 28 Nov 2005 10:25:40 +0000

--On 27 November 2005 01:35 -0700 stuff () trackingsolutions ca wrote:

> I am new to snort and am starting to test things out. I am able to
> capture email content from the machine running snort, but I would also
> like to capture email being sent on the entire network. Is there a way
> to do this?

You /could/ configure snort to do this, using the tag: functionality, but IMHO, this would not be the best place to do it. Far better to use some kind of SMTP proxy or dedicated email archiving solution. Examples of these include products by ilumin.com and mimesweeper.com.

> Also is there a way to capture visited websites for the entire network to
> a file stating date, time, url, ipaddress?

Similarly, but I'd recommend an HTTP proxy. Squid will suffice.

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
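
The Squid suggestion in the reply above, worked through as an added example that is not part of the original post: it reduces Squid access log lines to the date, time, URL and client IP address the question asks for. It assumes Squid's default native `access.log` format; the function names and the sample lines are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample lines in Squid's native access.log layout:
# time.ms elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1133173540.123    245 192.168.1.23 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1133173541.007     12 192.168.1.40 TCP_HIT/200 812 GET http://www.example.org/logo.png - NONE/- image/png
1133173542.500    301 192.168.1.23 TCP_MISS/200 3911 CONNECT mail.example.net:443 - DIRECT/192.0.2.25 -
this line is truncated
"""


def parse_line(line):
    """Return (date, time, url, client_ip) in UTC, or None if malformed."""
    fields = line.split()
    if len(fields) < 7:
        return None
    try:
        ts = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None
    client_ip, url = fields[2], fields[6]
    # For CONNECT (HTTPS tunnels) Squid logs only host:port, so the
    # "url" column holds the destination host, not the full URL.
    return ts.strftime("%Y-%m-%d"), ts.strftime("%H:%M:%S"), url, client_ip


def extract(log_text):
    """Parse every non-empty line; return (rows, count_of_skipped_lines)."""
    rows, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        row = parse_line(line)
        if row is None:
            skipped += 1
        else:
            rows.append(row)
    return rows, skipped


def to_csv(rows):
    """Render rows as CSV text with a header line."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["date", "time", "url", "ipaddress"])
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    parsed, bad = extract(SAMPLE_LOG)
    print(to_csv(parsed), end="")
    print(f"skipped {bad} malformed line(s)")
```

Times are rendered in UTC; the client address is only meaningful if clients reach Squid directly rather than through NAT or another proxy.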



