Hosting Provided By

[Snort-devel] stream4 preprocessor

From: Glenn MacGregor <gtm(at)highstreetnetworks.com>
Date: Thu Apr 29 2004 - 15:32:42 EDT

Right now I am using snort for just intrusion detection. I saw that I can setup the stream4 preprocessor to write all tcp connections to a unified file upon restart. This is a great feature! Unfortunatly I need a bit more, I would like a unified format file of all traffic (TCP, UDP and ICMP). I can't find anything within snort that will do this.

So I thinking about writing a preprocessor (or whatever) to collect all the stats. Basically a copy of the stream4 that accepts all types of traffic and does nothing else but write that file.

Did I miss something, is there something in snort that will do this for me? If not can anyone suggest a starting point on writing a module (preprocessor/input-plugin/output-plugin, whichever is appropriate) to do this.

Thanks

Glenn

Glenn MacGregor
HighStreet Networks

This mail sent through IMP: http://horde.org/imp/

This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Thu Apr 29 13:02:18 2004

This message: [ Message body ]
Next message: Bamm Visscher: "Re: [Snort-devel] stream4 preprocessor"
Previous message: Matt Tuzzolo: "[Snort-devel] Logging to multiple databases"
Next in thread: Bamm Visscher: "Re: [Snort-devel] stream4 preprocessor"
Reply: Bamm Visscher: "Re: [Snort-devel] stream4 preprocessor"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:12 EDT

Do you need help?