Output Modules
153
Table 4-3 CSV Options (continued)

Name        Description
tcplen      TCP length.
tcpwindow   TCP window size.
ttl         TTL value in the IP header.
tos         Type of Service field of the IP header.
id          Packet ID.
dgmlen      Datagram length.
iplen       Length field in the IP header.
icmptype    Type field in the ICMP header.
icmpcode    Code field in the ICMP header.
icmpid      ID field of the ICMP header.
icmpseq     ICMP sequence number.
You do not have to record all of these options in the CSV file; list only the ones
you need. The following line in snort.conf records only the timestamp, the rule
message, and the source and destination IP addresses.
output csv: csv_log timestamp,msg,src,dst
The log entries will look like the following:
07/23 19:31:27.128106 ,GET matched,192.168.1.2,192.168.10.193
07/23 19:31:27.278106 ,GET matched,192.168.1.2,192.168.10.193
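Because the column order of the CSV file is whatever the option list in snort.conf says, a log consumer should read that list and key each entry by it rather than hard-coding positions. The following parser is an added example, not code from the book or from Snort: it reads the field names from the "output csv:" directive above and turns lines like the two sample entries into dictionaries. It assumes the lines are unquoted and comma separated, as the sample shows (note the space before the first comma), and it treats msg as the only free-text field, so any extra commas inside a rule message are absorbed into msg (an assumption of the example, not documented Snort behaviour). The third log line is a constructed entry with a comma in its message to exercise that case.

```python
"""Parse Snort CSV output using the field list from snort.conf.

Added example (not from the book or from Snort). Assumes unquoted,
comma-separated lines exactly like the entries shown on this page.
"""
import re
from collections import Counter

# Constructed sample input: the directive from the text plus three log
# lines in the same shape (the third one is invented, with a comma in msg).
SNORT_CONF_LINE = "output csv: csv_log timestamp,msg,src,dst"
SAMPLE_LOG = """\
07/23 19:31:27.128106 ,GET matched,192.168.1.2,192.168.10.193
07/23 19:31:27.278106 ,GET matched,192.168.1.2,192.168.10.193
07/23 19:32:01.000001 ,WEB-MISC cmd.exe, double encoded,10.0.0.5,192.168.10.193
"""

CSV_DIRECTIVE = re.compile(r"^\s*output\s+csv:\s*(\S+)\s+(\S+)\s*$")


def parse_csv_directive(line):
    """Return (log file name, list of field names) from an 'output csv:' line."""
    m = CSV_DIRECTIVE.match(line)
    if m is None:
        raise ValueError("not a csv output directive: %r" % line)
    return m.group(1), m.group(2).split(",")


def parse_csv_line(line, fields):
    """Split one log line into a dict keyed by the configured field names.

    Only 'msg' is free text, so the fields before it are taken from the
    left, the fields after it from the right, and everything in between
    (including any commas) is the message. Example assumption, see above.
    """
    raw = line.split(",")
    if len(raw) < len(fields):
        raise ValueError("too few fields in line: %r" % line)
    if "msg" not in fields:
        if len(raw) != len(fields):
            raise ValueError("field count mismatch in line: %r" % line)
        return {f: v.strip() for f, v in zip(fields, raw)}
    i = fields.index("msg")
    left, right = fields[:i], fields[i + 1:]
    rec = {f: v.strip() for f, v in zip(left, raw[:len(left)])}
    if right:
        rec.update((f, v.strip()) for f, v in zip(right, raw[-len(right):]))
        rec["msg"] = ",".join(raw[len(left):-len(right)]).strip()
    else:
        rec["msg"] = ",".join(raw[len(left):]).strip()
    return rec


def parse_csv_log(text, fields):
    """Parse every non-empty line of a CSV log file."""
    return [parse_csv_line(ln, fields) for ln in text.splitlines() if ln.strip()]


def count_by(records, field):
    """Tally alerts by one field, e.g. source address or rule message."""
    return Counter(r[field] for r in records)


if __name__ == "__main__":
    filename, fields = parse_csv_directive(SNORT_CONF_LINE)
    records = parse_csv_log(SAMPLE_LOG, fields)
    print("log file:", filename, "fields:", fields)
    for rec in records:
        print(rec)
    print("alerts per source:", count_by(records, "src").most_common())
```

Run it as a script to see the parsed records and a per-source tally; in practice you would pass the contents of the csv_log file and the directive copied from your own snort.conf.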
4.2.9 Unified Logging Output Module
Unified output is good for high speed logging. You can have alerts and logs going
into separate files. The general format of these modules is as follows:
output alert_unified: filename <file name>, \
   limit <size>
output log_unified: filename <file name>, \
   limit <size>
The limit is the maximum size of the file, expressed in Mbytes. You should enable both
the alert and the log files to keep a complete record of data, because the alert file
does not contain detailed information about the packets. The following is an example
of enabling unified output from Snort; these two lines in the snort.conf file enable it.





