joanbono / Snorter

Snort + Barnyard2 + Pulledpork → The easy way!
https://joanbono.github.io/Snorter
GNU General Public License v3.0

# Adding new feature OpenAppID #15

Open: rbshadow opened 7 years ago

rbshadow commented 7 years ago

Integrating OpenAppID (Application Detector Package)

Log directory: /var/log/snort/

Run command:

    sudo u2openappid /var/log/snort/appstats-u2.log.1393807981

(Your log ID should not be the same.)

Output (sample):

    statTime="1393807860",appName="chrome",txBytes="6043",rxBytes="111267"
    statTime="1393807860",appName="dns",txBytes="8708",rxBytes="38103"
    statTime="1393807860",appName="http",txBytes="200399",rxBytes="1444070"
    statTime="1393807860",appName="cnn.com",txBytes="198478",rxBytes="1557970"
    statTime="1393807860",appName="doubleclick",txBytes="5543",rxBytes="2598"
    statTime="1393807860",appName="truste",txBytes="1829",rxBytes="12208"
    statTime="1393807860",appName="washington_time",txBytes="2210",rxBytes="1401"
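The u2openappid records above are flat key="value" lines, one per application per statTime interval, so they aggregate easily with standard shell tools. The following is an added example, not part of Snorter or of OpenAppID: it reads that record format, sums txBytes and rxBytes per application across intervals, and ranks applications by total traffic, which is the first view an analyst usually wants from appstats. The sample input is constructed from the seven records quoted in this issue; the function names (summarize_appstats, top_app, app_total) are this example's own.

```shell
#!/bin/sh
# Added example (not part of Snorter): aggregate u2openappid output per application.
# Each record is one line of key="value" pairs, exactly as u2openappid prints them:
#   statTime="...",appName="...",txBytes="...",rxBytes="..."

# Constructed sample input: the seven records quoted in this issue.
SAMPLE_APPSTATS='statTime="1393807860",appName="chrome",txBytes="6043",rxBytes="111267"
statTime="1393807860",appName="dns",txBytes="8708",rxBytes="38103"
statTime="1393807860",appName="http",txBytes="200399",rxBytes="1444070"
statTime="1393807860",appName="cnn.com",txBytes="198478",rxBytes="1557970"
statTime="1393807860",appName="doubleclick",txBytes="5543",rxBytes="2598"
statTime="1393807860",appName="truste",txBytes="1829",rxBytes="12208"
statTime="1393807860",appName="washington_time",txBytes="2210",rxBytes="1401"'

# summarize_appstats: read records on stdin, print one line per application
#   appName txBytes rxBytes totalBytes
# summed over every statTime interval seen, largest total first.
summarize_appstats() {
    awk -F'",' '
        # skip anything that is not an appstats record (blank lines, banners)
        !/appName="/ { next }
        {
            split("", rec)                     # clear the per-record map
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=\"")           # key="value  ->  kv[1]=key, kv[2]=value
                gsub(/"/, "", kv[2])           # drop the trailing quote on the last field
                rec[kv[1]] = kv[2]
            }
            tx[rec["appName"]] += rec["txBytes"]
            rx[rec["appName"]] += rec["rxBytes"]
        }
        END {
            for (a in tx) printf "%s %d %d %d\n", a, tx[a], rx[a], tx[a] + rx[a]
        }' | sort -k4,4nr
}

# top_app: name of the application that moved the most bytes in the input
top_app() {
    summarize_appstats | head -n 1 | cut -d' ' -f1
}

# app_total: total bytes (tx+rx) for one application name, empty if unseen
app_total() {
    summarize_appstats | awk -v app="$1" '$1 == app { print $4 }'
}

# Stand-alone run over the constructed sample
printf '%s\n' "$SAMPLE_APPSTATS" | summarize_appstats
```

On the sample, cnn.com (1756448 bytes) edges out http (1644469 bytes) once tx and rx are combined, which is the kind of per-application volume check that the raw per-interval lines do not show directly. In practice the input would be the output of u2openappid over one or more appstats-u2.log.* files piped into summarize_appstats.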

rbshadow commented 7 years ago

For the first time, it comes with the Snorter_Ubuntu-14.04.sh script.

joanbono commented 7 years ago

Really nice!!

Maybe we can create some script in the future, or even a web app, to show all these stats.

So I thought it'd be better if this option were not enabled by default; I mean, add an option like:

    ./Snorter_Ubuntu-14.04.sh -i <INTERFACE> -o <OINKCODE> --enable-openapp

So only people who really need the OpenAppID will install it (thinking about people who use Snort for PCAP analysis instead of IDS/IPS). What do you think?

Great Job! 😄
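The opt-in flag suggested above is straightforward to express in a POSIX shell argument loop. The block below is an added example, not Snorter's own code: a hypothetical parse_snorter_args function that accepts the existing -i and -o options plus --enable-openapp, keeps OpenAppID disabled unless the flag is present, rejects unknown options instead of silently ignoring them, and prints the resulting settings as KEY=VALUE lines so a caller can act on ENABLE_OPENAPP. The actual OpenAppID installation step is left to the script and is not shown here.

```shell
#!/bin/sh
# Added example (not Snorter's own code): opt-in handling for an --enable-openapp flag.
# parse_snorter_args is a hypothetical helper; it only parses and validates options
# and prints them as KEY=VALUE lines for the caller to consume.
parse_snorter_args() {
    iface=""
    oinkcode=""
    openapp=0                       # default: OpenAppID is NOT installed
    while [ $# -gt 0 ]; do
        case "$1" in
            -i)
                [ $# -ge 2 ] || { echo "error: -i needs an interface" >&2; return 1; }
                iface="$2"; shift 2 ;;
            -o)
                [ $# -ge 2 ] || { echo "error: -o needs an oinkcode" >&2; return 1; }
                oinkcode="$2"; shift 2 ;;
            --enable-openapp)
                openapp=1; shift ;;
            *)
                # fail closed on anything unrecognised rather than guessing
                echo "error: unknown option '$1'" >&2; return 1 ;;
        esac
    done
    [ -n "$iface" ] || { echo "error: -i <INTERFACE> is required" >&2; return 1; }
    printf 'INTERFACE=%s\nOINKCODE=%s\nENABLE_OPENAPP=%d\n' "$iface" "$oinkcode" "$openapp"
}

# Stand-alone run: constructed arguments, OpenAppID explicitly enabled
parse_snorter_args -i eth0 -o 0123456789 --enable-openapp
```

A caller would then run the OpenAppID installation only when the printed ENABLE_OPENAPP is 1, so users who run Snort purely for PCAP analysis get the unchanged default.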

rbshadow commented 7 years ago

Yeah, great idea. Let me try, @joanbono bro.

joanbono commented 7 years ago

Updated the devel branch. Test it and let me know.

If everything works well, I will add this to the Snorter script and then merge it to the master branch.

Stay in touch, @rbshadow