Open rbshadow opened 7 years ago
For the first time it comes with Snorter_Ubuntu-14.04.sh script.
Really nice!!
Maybe we can create some script in the future, or even a web-app to show all these stats.
So, I thought it'd be better if this option is not enabled by default, I mean, add an option like:
./Snorter_Ubuntu-14.04.sh -i <INTERFACE> -o <OINKCODE> --enable-openapp
So only people who really need the OpenAppID will install it (thinking about people who use Snort for PCAP analysis instead of IDS/IPS). What do you think?
Great Job! 😄
Yeah great idea. Let me try. @joanbono bro
Updated the devel branch. Test it and let me know.
If everything works well, will add this to the Snorter script, and then merge to the master branch.
Stay in touch, @rbshadow
Integrating OpenAppID ( Application Detector Package )
Log directory:
/var/log/snort/
Run Command: sudo u2openappid /var/log/snort/appstats-u2.log.1393807981
( Your log id should not be the same )
Output: { Sample }
statTime="1393807860",appName="chrome",txBytes="6043",rxBytes="111267"
statTime="1393807860",appName="dns",txBytes="8708",rxBytes="38103"
statTime="1393807860",appName="http",txBytes="200399",rxBytes="1444070"
statTime="1393807860",appName="cnn.com",txBytes="198478",rxBytes="1557970"
statTime="1393807860",appName="doubleclick",txBytes="5543",rxBytes="2598"
statTime="1393807860",appName="truste",txBytes="1829",rxBytes="12208"
statTime="1393807860",appName="washington_time",txBytes="2210",rxBytes="1401"
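
A small parser for the u2openappid output quoted in this issue, added here as an illustration (it is not code from the thread or from the Snorter project): it totals txBytes/rxBytes per appName and ranks applications by traffic volume. The record layout is assumed from the sample in the issue only, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the records quoted in the issue, one per line.
SAMPLE = """\
statTime="1393807860",appName="chrome",txBytes="6043",rxBytes="111267"
statTime="1393807860",appName="dns",txBytes="8708",rxBytes="38103"
statTime="1393807860",appName="http",txBytes="200399",rxBytes="1444070"
statTime="1393807860",appName="cnn.com",txBytes="198478",rxBytes="1557970"
statTime="1393807860",appName="doubleclick",txBytes="5543",rxBytes="2598"
statTime="1393807860",appName="truste",txBytes="1829",rxBytes="12208"
statTime="1393807860",appName="washington_time",txBytes="2210",rxBytes="1401"
"""

# Assumption: every record carries these four fields in this order, as in the sample.
RECORD_RE = re.compile(
    r'statTime="(\d+)",appName="([^"]*)",txBytes="(\d+)",rxBytes="(\d+)"'
)


def summarize(text):
    """Total tx/rx bytes per application name.

    Matching whole records (rather than splitting on newlines) also handles
    output pasted with records separated by spaces; text that does not match
    the record pattern is ignored.
    """
    totals = defaultdict(lambda: {"tx": 0, "rx": 0})
    for _stat_time, app, tx, rx in RECORD_RE.findall(text):
        totals[app]["tx"] += int(tx)
        totals[app]["rx"] += int(rx)
    return dict(totals)


def top_talkers(totals, n=3):
    """Application names ordered by combined tx+rx bytes, largest first."""
    return sorted(
        totals, key=lambda a: totals[a]["tx"] + totals[a]["rx"], reverse=True
    )[:n]


if __name__ == "__main__":
    totals = summarize(SAMPLE)
    for app in top_talkers(totals, n=len(totals)):
        print(f"{app:16} tx={totals[app]['tx']:>8} rx={totals[app]['rx']:>8}")
```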