Re: host attribute table - feature request

["Crook, Parker" <Parker_Crook () reyrey com>]

Matt,



No that's great -- I thought I remembered seeing something like that in my lab at home, but thought I was losing it 
when I couldn't get it here in the production environment (it was a late night coding session after all).



Thanks again,

Parker



  _____

From: Matt Olney [mailto:molney () sourcefire com]
Sent: Monday, March 22, 2010 4:27 PM
To: Crook, Parker
Cc: Joel Esler; snort-devel-request () lists sourceforge net; snort-users () lists sourceforge net List
Subject: Re: [Snort-users] host attribute table - feature request



In 2.8.6rc1, at least I get the following:



===============================================================================

Attribute Table Stats:

    Number Entries: 1

    Table Reloaded: 0

===============================================================================



In the Snort output.  Is that sufficient?  I'll put a feature request bug in, but I'm just making sure this isn't what 
you are looking for,


Matt



On Mon, Mar 22, 2010 at 4:15 PM, Crook, Parker <Parker_Crook () reyrey com<mailto:Parker_Crook () reyrey com>> wrote:

Thanks Joel, I appreciate it.



-Parker

  _____

From: Joel Esler [mailto:joel.esler () me com<mailto:joel.esler () me com>]
Sent: Monday, March 22, 2010 2:55 PM
To: Crook, Parker
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net> List; snort-devel-request () 
lists sourceforge net<mailto:snort-devel-request () lists sourceforge net>


Subject: Re: [Snort-users] host attribute table - feature request



Parker,



I've cc'ed the snort-devel list.  I'm not aware if the developers are on the snort-users list.



J



On Mar 22, 2010, at 1:35 PM, Crook, Parker wrote:



After speaking with Andy about getting hogger to create the host attribute table, he asked how he would know if Snort 
successfully slurped up the attribute file.  I did some checking on my installation and went through the logs and 
noticed there is not any sort of indication of whether or not Snort is using a host attribute table.



Would it be possible to add this feature so that we can receive confirmation that we are or are not using the host 
attribute feature? (similar to the message on PCAP frames)



--
Joel Esler
http://blog.joelesler.net






------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0d%0aSnort-users> list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users