Snort mailing list archives
Re: Fwd: data_log output
From: Russ <rucombs () cisco com>
Date: Sun, 19 Jun 2016 11:12:29 -0400
On 6/19/16 5:16 AM, Sunil Koul wrote:
Hello people, I would like to know the correct usage for the data_log inspector. When I use

    snort -c $my_path/etc/snort/snort.lua \
        --plugin-path $my_path/lib/snort_extra \
        -A alert_ex -r /path/to/my.pcap

as mentioned in doc/usage.txt, after including data_log = { key = 'http_raw_uri' } in snort.lua, a data.log gets created in the home directory but with no output (blank).
That should work. What is in your pcap?
How do I explicitly load only the data_log inspector to extract and print data onto the data.log file?

You can trim the default conf but will need more than just data_log. You will need stream, http_inspect, etc.
Thanks,
Sunil

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://sdm.link/zohomanageengine
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
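A trimmed snort.lua that follows the advice in the reply above (flow tracking plus http_inspect in front of data_log), as an added example that is not part of the thread or the Snort project's own configuration. Only the data_log = { key = 'http_raw_uri' } line and the command line are confirmed by the thread; the stream, stream_tcp, http_inspect and port-based binder entries are assumed from the usual Snort 3 module names, and the port list is an assumption you should match to the traffic in your pcap. With data_log alone there is nothing upstream to produce an http_raw_uri, which is why the file stays empty.

```lua
-- snort.lua (added example, not the Snort project's shipped config)
-- Goal: get the snort_extra data_log inspector to emit HTTP raw URIs
-- from a pcap. data_log only consumes data that http_inspect produces,
-- and http_inspect only sees reassembled TCP streams, so the modules
-- below are the minimum chain, per the reply above.

-- Flow and TCP reassembly (assumed module names; required before HTTP
-- inspection can see request headers).
stream = { }
stream_tcp = { }

-- The HTTP inspector that sets http_raw_uri for each request.
http_inspect = { }

-- Hand TCP flows on the listed ports to http_inspect. Port-based binding
-- is an assumption for this example; the shipped snort.lua uses the
-- wizard and service-based binding instead. Adjust the ports to the
-- traffic actually present in the pcap (check that first: if the pcap
-- carries no HTTP, data.log will stay blank regardless of the config).
binder =
{
    { when = { proto = 'tcp', ports = '80 8080' }, use = { type = 'http_inspect' } },
}

-- The inspector under discussion, from snort_extra (loaded with
-- --plugin-path). Only 'key' is confirmed by the thread.
data_log =
{
    key = 'http_raw_uri',
}

-- Run as in the original post (paths are placeholders from the thread):
--   snort -c $my_path/etc/snort/snort.lua \
--       --plugin-path $my_path/lib/snort_extra \
--       -A alert_ex -r /path/to/my.pcap
-- Then inspect data.log in the working directory for one URI per request.
```

If data.log is still empty after this, confirm with a packet tool that the pcap contains complete TCP handshakes and HTTP requests on the bound ports; a capture of mid-stream traffic without the handshake will not be reassembled and so never reaches http_inspect.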
Current thread:
- Fwd: data_log output Sunil Koul (Jun 19)
- Re: Fwd: data_log output Russ (Jun 19)
- <Possible follow-ups>
- data_log output Sunil Koul (Jun 19)