LinuxQuestions.org


Avanti 01-05-2012 08:29 AM

how do log files extract information from the packets?
 
hello,
I'm using Snort in logger mode. Snort also works in packet logger mode, where it logs the packets into files. These files contain information such as

Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Content-Length: 375
Via: 1.1 MIT-TMG
Age: 1687
Date: Wed, 04 Jan 2012 09:08:06 GMT
Content-Type: application/vnd.google.safebrowsing-chunk
Server: Chunked Update Server
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public,max-age=172800

how do log files extract information from the packets?

corp769 01-05-2012 09:57 AM

The log files are not extracting anything from the packets; Snort is doing everything. What exactly are you trying to ask though? How snort captures the data? Or how it writes the needed data to the log file and the pcap files?

Avanti 01-05-2012 12:23 PM

hi,
I want to know how it writes the needed data to the log file and the pcap files.

corp769 01-05-2012 06:50 PM

That's internal to snort.... That's the program itself. If you really must know, have a look at the source code ;)

Avanti 01-06-2012 01:12 AM

source code of snort
 
hi,
Does anyone have the source code of snort? I need it urgently....

corp769 01-06-2012 01:20 AM

Urgently? If you need it that bad, then you can do the "simple" thing by going online, searching for snort, and seeing that on their web page, you can download the source. Why you would go through the trouble of registering an account on LQ just to ask this question is beyond my thinking skills, as the easiest way to find out is to search using google, yahoo, etc. And why so urgent? Is this part of a homework assignment? If so, then one thing left to say..... We are here voluntarily, therefore, we are not doing your homework for you.

Thank you for understanding, and wish the best of luck to you.

Josh

Linux_Kidd 01-11-2012 11:21 AM

Snort writes its log files by parsing the packets based on the rules for the packet type in question. You didn't say, but my guess is your Snort is connected to an Ethernet network (there are many other types of networks one could parse/dissect, etc.).
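The layered dissection Linux_Kidd describes, as an added example that is not Snort's own code and not part of any post in this thread: a small Python decoder walks the Ethernet, IPv4 and TCP headers using the lengths each header declares, then splits the TCP payload into HTTP header lines of the kind quoted in the opening post. The frame, MAC addresses and IP addresses are constructed sample data, not a real capture.

```python
import struct

def dissect(frame: bytes) -> dict:
    """Return the decoded layers of one Ethernet frame carrying IPv4/TCP/HTTP."""
    # Ethernet II: 6-byte dst, 6-byte src, 2-byte EtherType (0x0800 = IPv4).
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("not a TCP segment")
    src_ip = ".".join(map(str, ip[12:16]))
    dst_ip = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]                  # total length bounds the segment
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    payload = tcp[(off_flags >> 12) * 4:]    # data offset is in 32-bit words
    # HTTP is line-oriented text: start line, then "Name: value" headers,
    # then an empty line before the body. These lines are what a logger writes.
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("ascii", "replace").split("\r\n")
    headers = dict(ln.split(": ", 1) for ln in lines[1:] if ": " in ln)
    return {
        "eth": {"src": src.hex(":"), "dst": dst.hex(":")},
        "ip": {"src": src_ip, "dst": dst_ip},
        "tcp": {"sport": sport, "dport": dport},
        "http": {"start_line": lines[0], "headers": headers, "body": body},
    }

def build_sample() -> bytes:
    """Constructed sample frame (not a real capture): an HTTP response with
    two of the header lines quoted in the opening post."""
    http = (b"HTTP/1.1 200 OK\r\nServer: Chunked Update Server\r\n"
            b"Content-Type: application/vnd.google.safebrowsing-chunk\r\n\r\nabc")
    # TCP: ports 80 -> 51515, data offset 5 words, flags PSH|ACK, no options.
    tcp = struct.pack("!HHIIHHHH", 80, 51515, 1, 1, (5 << 12) | 0x18, 65535, 0, 0) + http
    # IPv4: version 4 / IHL 5, proto 6 (TCP), checksum left 0, RFC 5737 addresses.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10])) + tcp
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip

if __name__ == "__main__":
    decoded = dissect(build_sample())
    print(decoded["ip"], decoded["tcp"])
    for name, value in decoded["http"]["headers"].items():
        print(f"{name}: {value}")
```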

