From: Victor J. <vi...@nk...> - 2004-07-07 14:27:51
On Wednesday 07 July 2004 16:17, Geffrey Velasquez [MINAG] wrote:
<snip>
> >
> > Why? The snort_inline-fast file normally logs the reasons for
> > dropping a connection...
>
> I'm using ACID, this log could be stored in the ACID DB? I prefer a simple
> log file and alerts in the ACID DB... but maybe we could change that or
> maybe I'm wrong...

Well, when looking at the code, I came under the impression that the timeout is not the only trigger for dropping the connection at this point in the code. 'Connections' which don't start with a syn bit (aka scans) could also match... but I'm not sure about this, so maybe the author of it (Rob?) could clear this issue up?

>
> > > > My idea would be to make the logging an option for the stream4
> > > > preproc, with the default being not logging.
> > > >
> > > > Something like this:
> > > > preprocessor stream4: disable_evasion_alerts, detect_scans, timeout
> > > > 120, log_drops
> > > >

<snip>

Regards,
Victor