Snort mailing list archives

Re: Can't read data_log output file (empty)


From: Lawrence Belyeu via Snort-devel <snort-devel () lists snort org>
Date: Mon, 17 Jul 2017 22:49:57 -0500

I asked to be removed from this list. I did what I was instructed. Please
remove me from the Snort list again.

On Jul 17, 2017 6:57 PM, "Russ via Snort-devel" <snort-devel () lists snort org>
wrote:

http_server (the old one) was deleted so you should stick with the
http_inspect (the new one).  Unfortunately, data_log now needs an update.
We will get you something soon.

On 7/17/17 6:20 PM, Ronin CS via Snort-devel wrote:

Hello everyone,

I'm trying to better understand how to handle events inside Snort++ using
data_log inspector as example. But at the moment, I can't really read the
output file because it's always empty for me.

Until now, I did the following changes to snort.lua:

- Added a new line "data_log = { key = 'http_raw_uri' }"
- Changed the "http_inspector = { }" to "http_server = { }"
(As recommended here: http://marc.info/?l=snort-users&m=147422221322032&w=2)

And ran the command:

"sudo snort -c /opt/snort/etc/snort/snort.lua -R /opt/snort/etc/snort/samples.rules -r http.cap -A alert_ex --plugin-path /opt/snort/lib/snort_extra"

The http.cap I'm using is the one located at
https://wiki.wireshark.org/SampleCaptures

What am I missing here?

Thanks in advance,
Ronin.


_______________________________________________
Snort-devel mailing list
Snort-devel@lists.snort.org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!





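The snort.lua fragment below is an added example and is not code from the thread or from the Snort project. It shows the configuration the replies converge on: the old http_server table (which Russ says was deleted) replaced by http_inspect, with the data_log inspector from snort_extra keyed on 'http_raw_uri' exactly as Ronin configured it. The stream and binder remarks are assumptions about a stock snort.lua; the inspector and option names come from the thread. Note that Russ also says data_log itself still needed an update at the time, so this configuration alone was not guaranteed to produce output.

```lua
-- snort.lua fragment (added example, not from the original posts)

-- What the poster tried: the old inspector name. Per Russ's reply
-- http_server was removed from Snort++, so leave this out.
-- http_server = { }

-- Keep the current HTTP inspector enabled instead.
http_inspect = { }

-- Assumption: the stock snort.lua already enables stream/stream_tcp and a
-- binder (or wizard) that maps HTTP traffic to http_inspect. Those entries
-- must stay in place; http_inspect does nothing if no flow is bound to it.
stream = { }
stream_tcp = { }

-- data_log lives in the snort_extra plugins, so it is only found when snort
-- is started with --plugin-path pointing at that directory. 'http_raw_uri'
-- is the buffer key used in the thread.
data_log = { key = 'http_raw_uri' }
```

Run it with the command from the original post, keeping `--plugin-path /opt/snort/lib/snort_extra` so the data_log inspector is actually loaded; if the plugin path is wrong, the `data_log = { ... }` table is silently ignored and the output stays empty regardless of the HTTP inspector setting.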
