Snort mailing list archives
Question regarding snort statistics
From: Efthymia Tsamoura <etsamour () csd auth gr>
Date: Fri, 04 May 2012 13:45:35 +0300
Hi all,

My name is Efi and I'm a PhD student. I'm writing this email since I want to find out how to monitor, for each rule and for each input packet, which of the rule's predicates were satisfied and which were not for the specific packet that is currently being processed. For example, given the rule

    alert tcp 1.1.1.1 any -> 2.2.2.2 80 (content:"BOB"; gid:1000001; sid:1; rev:1;)

I want for each packet statistics of the form:

    Packet 1 satisfied Protocol=tcp and srcIp = 1.1.1.1 and did not satisfy destIp = 2.2.2.2 and destport = 80 and content = "BOB"

What are the modifications that need to be performed to the src to get this info? For example, which functions, data structures hold this info ...

Best Regards,
Efi
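The bookkeeping asked for above, written out as an added stand-alone C example; this is not Snort source and not code from the poster or the respondents. It models the rule from the question as five predicates evaluated in textual order against a packet struct, records a per-predicate result bitmask, and renders it in the report format the question gives. The struct layouts, predicate order, function names (eval_all, eval_short_circuit, report) and the sample packets are this example's own constructed assumptions. The point it makes is the one a practitioner hits first: a matcher stops at the first failing predicate, so the later predicates are never evaluated for that packet, and the requested statistics need a separate full-evaluation pass (or instrumentation at every check site) rather than a counter bolted onto the normal match path.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Snort code. Models the rule
 *   alert tcp 1.1.1.1 any -> 2.2.2.2 80 (content:"BOB"; gid:1000001; sid:1; rev:1;)
 * as five predicates. Names, order and the report format are this example's own. */
enum { PRED_PROTO = 0, PRED_SRC_IP, PRED_DST_IP, PRED_DST_PORT, PRED_CONTENT, PRED_COUNT };

static const char *pred_names[PRED_COUNT] = {
    "Protocol=tcp", "srcIp=1.1.1.1", "destIp=2.2.2.2", "destport=80", "content=\"BOB\""
};

#define PROTO_TCP 6   /* IANA protocol number for TCP */

typedef struct {
    uint8_t  proto;
    uint32_t src_ip, dst_ip;     /* IPv4 addresses in host byte order */
    uint16_t dst_port;
    const unsigned char *payload;
    size_t payload_len;
} packet_t;

typedef struct {
    uint8_t  proto;
    uint32_t src_ip, dst_ip;
    uint16_t dst_port;
    const char *content;
} rule_t;

static uint32_t ip4(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

/* The rule from the question, as constructed sample data. */
static rule_t sample_rule(void) {
    rule_t r = { PROTO_TCP, ip4(1, 1, 1, 1), ip4(2, 2, 2, 2), 80, "BOB" };
    return r;
}

/* Constructed sample packet (payload is a C string for convenience). */
static packet_t sample_packet(uint8_t proto, uint32_t src, uint32_t dst,
                              uint16_t port, const char *payload) {
    packet_t p = { proto, src, dst, port, (const unsigned char *)payload, strlen(payload) };
    return p;
}

/* Naive substring search; stands in for the content matcher. */
static bool payload_contains(const packet_t *p, const char *needle) {
    size_t n = strlen(needle);
    if (n > p->payload_len) return false;
    for (size_t i = 0; i + n <= p->payload_len; i++)
        if (memcmp(p->payload + i, needle, n) == 0) return true;
    return false;
}

/* One predicate, by index, in the order the rule is written. */
static bool eval_pred(int idx, const rule_t *r, const packet_t *p) {
    switch (idx) {
    case PRED_PROTO:    return p->proto == r->proto;
    case PRED_SRC_IP:   return p->src_ip == r->src_ip;
    case PRED_DST_IP:   return p->dst_ip == r->dst_ip;
    case PRED_DST_PORT: return p->dst_port == r->dst_port;
    case PRED_CONTENT:  return payload_contains(p, r->content);
    default:            return false;
    }
}

/* Statistics mode: evaluate every predicate even after one fails.
 * Returns a bitmask with bit i set when predicate i was satisfied. */
static unsigned eval_all(const rule_t *r, const packet_t *p) {
    unsigned mask = 0;
    for (int i = 0; i < PRED_COUNT; i++)
        if (eval_pred(i, r, p)) mask |= 1u << i;
    return mask;
}

/* Detection mode: stop at the first failing predicate, as a matcher does.
 * Returns how many predicates were actually evaluated and sets *fired.
 * Predicates after the first failure are never looked at, which is why the
 * per-predicate statistics cannot be read off a normal match. */
static int eval_short_circuit(const rule_t *r, const packet_t *p, bool *fired) {
    for (int i = 0; i < PRED_COUNT; i++) {
        if (!eval_pred(i, r, p)) { *fired = false; return i + 1; }
    }
    *fired = true;
    return PRED_COUNT;
}

/* Bounded append helper for building the report string. */
static void append(char *out, size_t outlen, size_t *used, const char *s) {
    if (*used >= outlen) return;
    int n = snprintf(out + *used, outlen - *used, "%s", s);
    if (n > 0) *used += (size_t)n;
}

/* Render a mask in the form the question asks for:
 * "Packet satisfied A and B and did not satisfy C and D and E". */
static void report(unsigned mask, char *out, size_t outlen) {
    size_t used = 0;
    out[0] = '\0';
    append(out, outlen, &used, "Packet");
    for (int pass = 0; pass < 2; pass++) {
        unsigned want = (pass == 0) ? 1u : 0u;
        const char *heading = (pass == 0) ? " satisfied" : " did not satisfy";
        bool first = true;
        for (int i = 0; i < PRED_COUNT; i++) {
            if (((mask >> i) & 1u) != want) continue;
            if (first) {
                if (pass == 1 && mask != 0) append(out, outlen, &used, " and");
                append(out, outlen, &used, heading);
            } else {
                append(out, outlen, &used, " and");
            }
            append(out, outlen, &used, " ");
            append(out, outlen, &used, pred_names[i]);
            first = false;
        }
    }
}

int main(void) {
    rule_t r = sample_rule();
    /* Constructed packets: one partial match, one full match. */
    packet_t pkts[2] = {
        sample_packet(PROTO_TCP, ip4(1, 1, 1, 1), ip4(3, 3, 3, 3), 443, "hello"),
        sample_packet(PROTO_TCP, ip4(1, 1, 1, 1), ip4(2, 2, 2, 2), 80, "xxBOBxx"),
    };
    char buf[256];
    for (int i = 0; i < 2; i++) {
        bool fired;
        int checked = eval_short_circuit(&r, &pkts[i], &fired);
        report(eval_all(&r, &pkts[i]), buf, sizeof buf);
        printf("%s (matcher checked %d of %d predicates, fired=%d)\n",
               buf, checked, PRED_COUNT, fired);
    }
    return 0;
}
```

The textual order used here is only a model. Snort's detection engine does not walk a rule's predicates left to right: rules are first bucketed by protocol and port, the fast-pattern matcher runs over the payload before the remaining options are evaluated, and each stage short-circuits on failure. Gathering the requested statistics therefore means either instrumenting every check site to record its result (and accepting that unevaluated predicates will show as "not evaluated" rather than "not satisfied") or running a separate full-evaluation pass like eval_all above, which costs extra per-packet work.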
Current thread:
- Question regarding snort statistics Efthymia Tsamoura (May 04)
- Re: Question regarding snort statistics Joel Esler (May 04)
- Re: Question regarding snort statistics Russ Combs (May 04)
- Re: Question regarding snort statistics Joel Esler (May 04)