Snort mailing list archives

Re: Log HTTP Payload to MYSQL


From: Joel Esler <eslerj () gmail com>
Date: Sun, 11 Jan 2009 13:12:34 -0500


On Jan 10, 2009, at 7:23 PM, ahmed adel allegedly wrote:

Hi
I want to log HTTP packet data using snort. Till now I have succeeded in logging the HTTP packet payload only for the URI part, but I haven't been able to do the same for the response. I have the following two rules.

log tcp any 80 -> any any (msg: "HTTP Packet Server to Host"; sid: 1;)
log tcp any any -> any 80 (msg: "HTTP Packet Host to Server"; sid: 2;)

I am logging to a mysql database and the BASE interface, but what I get in the interface is alerts when packets are sent from the server to the host, i.e. from port 80 to any port, with no payload; for any POST or GET request from the host I do get the payload.

What I need is to inspect all the traffic between the host and the server using snort based on the rules.


Would it be simpler to use Snort in packet dump mode? Much like tcpdump?

--
Joel Esler
  http://www.joelesler.net
  http://www.twitter.com/joelesler
[m]
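To show what "packet dump mode" buys over the log rules above, here is an added example (not code from either poster) that reads a libpcap capture, the format snort -b and tcpdump -w write, and pulls the TCP payload of every port-80 segment in both directions, skipping the payload-less ACKs that showed up as empty alerts in BASE. The sample capture is constructed in the script itself; the addresses and HTTP messages are made up.

```python
import struct

def tcp_segment(src, sport, dst, dport, payload):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed sample; checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp   # zeroed MACs, EtherType IPv4

def build_pcap(frames):
    """Wrap frames in a libpcap file, the format snort -b and tcpdump -w write."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1231700000 + i, 0, len(f), len(f)) + f
    return out

def http_payloads(pcap):
    """Return (direction, payload) for every port-80 TCP segment that carries data."""
    results = []
    off = 24  # skip the 24-byte global header
    while off < len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:   # not IPv4 over Ethernet, or not TCP
            continue
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack_from("!H", frame, 16)[0]
        tcp_off = 14 + ihl
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        data_off = (frame[tcp_off + 12] >> 4) * 4
        payload = frame[tcp_off + data_off: 14 + total_len]   # stop at IP total length, not frame end
        if payload and dport == 80:
            results.append(("client->server", payload))
        elif payload and sport == 80:
            results.append(("server->client", payload))
    return results

# Constructed sample capture (not from a real network): a GET, a bare ACK and the response.
SAMPLE_PCAP = build_pcap([
    tcp_segment("10.0.0.5", 40000, "192.0.2.10", 80,
                b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    tcp_segment("192.0.2.10", 80, "10.0.0.5", 40000, b""),   # pure ACK: no payload, skipped
    tcp_segment("192.0.2.10", 80, "10.0.0.5", 40000,
                b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"),
])
```

Against a real capture, replace SAMPLE_PCAP with the bytes of the dump file; the response body comes back as the server->client entry, which is the part the log rules never delivered.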

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
