Snort mailing list archives
Re: how can we alert on web visiting activity?
From: mary andrews <maryandrews22 () gmail com>
Date: Thu, 19 Nov 2009 16:10:03 -0500

Got it, that's what it was, it worked!!!!! Many, MANY THANKS!

m

On Thu, Nov 19, 2009 at 3:56 PM, evilghost () packetmail net <evilghost () packetmail net> wrote:

> You may want to peek at the manual again. You turned off logging, not checksum checking.
>
>   -k <mode>  Checksum mode (all,noip,notcp,noudp,noicmp,none)
>   -K <mode>  Logging mode (pcap[default],ascii,none)
>
> -evilghost
>
> mary andrews wrote:
>
>> I tried it with the upper case K, still nothing.
>>
>>   c:\snort\bin\snort -A console -i 2 -c c:\snort\etc\snort.conf -l c:\snort\log -K none -s
>>
>> On Thu, Nov 19, 2009 at 3:13 PM, Joel Esler <jesler () sourcefire com> wrote:
>>
>>> Well, I don't know anything about the flowbits problem you are talking about. But I did ask an emailed question to devel about the functionality of rawbytes, since there may be some misunderstanding. But I wasn't provided any pcaps or anything of problems...
>>>
>>> J
>>>
>>> On Thu, Nov 19, 2009 at 2:25 PM, evilghost () packetmail net <evilghost () packetmail net> wrote:
>>>
>>>> It was effectively communicated to Joel Esler, who forwarded it to SF development. Flowbits are borked too, by the way.
>>>>
>>>> Nigel Houghton wrote:
>>>>
>>>>> On Thu, Nov 19, 2009 at 2:01 PM, evilghost () packetmail net <evilghost () packetmail net> wrote:
>>>>>
>>>>>> What version of Snort are you using? I have had issues with content matching working correctly in the 2.8 branch (as have others at EmergingThreats). I was able to get content matching to work as expected by using the rawbytes option. See section 3.5.3 in the Snort manual.
>>>>>>
>>>>>>   content:"ebay"; nocase; rawbytes;
>>>>>>
>>>>>> -evilghost
>>>>>
>>>>> If you have evidence to support your claim, we would like to see it. A bug report would be good; until then, please refrain from giving "advice" like this. Your recommendation is detrimental to performance.
>>>
>>> --
>>> Joel Esler | 302-223-5974 | gtalk: jesler () sourcefire com
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs