
List:       snort-users
Subject:    [Snort-users] data_log output
From:       Sunil Koul <koulsunil1 () gmail ! com>
Date:       2016-06-19 12:49:34
Message-ID: CABuvaKK_SUkGn1zBvcr1r1M-ZUkbwun2ufvnR85kYdcshepmEQ () mail ! gmail ! com

Hello people

I would like to know the correct usage for the data_log inspector. When I use
snort -c $my_path/etc/snort/snort.lua \
        --plugin-path $my_path/lib/snort_extra \
        -A alert_ex -r /path/to/my.pcap
as mentioned in doc/usage.txt, after including
data_log = { key = 'http_raw_uri' }
in snort.lua, a data.log gets created in the home directory but with no
output (blank).

How do I explicitly load only the data_log inspector to extract and print
data onto the data.log file?

Thanks
Sunil
