LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 01-05-2012, 09:29 AM   #1
Avanti
LQ Newbie
 
Registered: Oct 2011
Posts: 10

Rep: Reputation: Disabled
how do log files extract information from the packets?


hello,
I m using snort in logger mode.Snort also works in packet logger mode where it logs the packet into files.These files contains the information as

Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Content-Length: 375
Via: 1.1 MIT-TMG
Age: 1687
Date: Wed, 04 Jan 2012 09:08:06 GMT
Content-Type: application/vnd.google.safebrowsing-chunk
Server: Chunked Update Server
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public,max-age=172800

how do log files extract information from the packets?
 
Old 01-05-2012, 10:57 AM   #2
corp769
Guru
 
Registered: Apr 2005
Posts: 5,814

Rep: Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001
The log files are not extracting anything from the packets; Snort is doing everything. What exactly are you trying to ask though? How snort captures the data? Or how it writes the needed data to the log file and the pcap files?
 
Old 01-05-2012, 01:23 PM   #3
Avanti
LQ Newbie
 
Registered: Oct 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled
hi,
I want to know how it writes the needed data to the log file and the pcap files?
 
Old 01-05-2012, 07:50 PM   #4
corp769
Guru
 
Registered: Apr 2005
Posts: 5,814

Rep: Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001
That's internal to snort.... That's the program itself. If you really must know, have a look at the source code
 
Old 01-06-2012, 02:12 AM   #5
Avanti
LQ Newbie
 
Registered: Oct 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled
source code of snort

hi,
Does anyone have the source code of snort? I need it urgently....
 
Old 01-06-2012, 02:20 AM   #6
corp769
Guru
 
Registered: Apr 2005
Posts: 5,814

Rep: Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001Reputation: 1001
Urgently? If you need it that bad, then you can do the "simple" thing by going online, searching for snort, and seeing that on their web page, you can download the source. Why you would go through the trouble of registering an account on LQ just to ask this question is beyond my thinking skills, as the easiest way to find out is to search using google, yahoo, etc. And why so urgent? Is this part of a homework assignment? If so, then one thing left to say..... We are here voluntarily, therefore, we are not doing your homework for you.

Thank you for understanding, and wish the best of luck to you.

Josh
 
Old 01-11-2012, 12:21 PM   #7
Linux_Kidd
Member
 
Registered: Jan 2006
Location: USA
Posts: 539

Rep: Reputation: 51
snort writes it's log files by parsing the packets based on the rules for the packet type in question. you didnt say, buy my guess is your snort is connected to a ethernet network (many other types of networks to which one could parse/dissect, etc).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Perl extract information for a particular column kdelover Programming 7 10-26-2010 04:24 AM
System Log Files - What information do they contain and how useful they can be? Hi_This_is_Dev Linux - Server 6 09-21-2010 12:34 PM
How to extract information element from Beacon Frame. Mr.J Linux - Wireless Networking 0 04-25-2009 10:49 PM
Extract Local User Information borisys Red Hat 1 02-20-2009 11:53 AM
Extract information from mail boxes pcwulf Linux - Software 0 06-20-2004 09:04 PM


All times are GMT -5. The time now is 12:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration