#Adding new feature OpenAppID #15
Comments
|
For the first time it comes with Snorter_Ubuntu-14.04.sh script. |
|
Really nice!! Maybe we can create some script in the future, or even a web-app to show all this stats. So, I thought it'd be better if this option is not enabled by default, I mean, add an option like: ./Snorter_Ubuntu-14.04.sh -i <INTERFACE> -o <OINKCODE> --enable-openappSo only people who really need the OpenAppID will install it (thinking about people who use Snort for PCAP analysis instead of IDS/IPS). What do you think? Great Job! 😄 |
|
Yeah great idea. Let me try. @joanbono bro |
|
Updated the If everything works well, will add this to the Stay in touch, @rbshadow |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Integrating OpenAppID ( Application Detector Package )
Log directory:
/var/log/snort/Run Command:
sudo u2openappid /var/log/snort/appstats-u2.log.1393807981( Your log id should not be the same )Output: { Sample }
statTime="1393807860",appName="chrome",txBytes="6043",rxBytes="111267" statTime="1393807860",appName="dns",txBytes="8708",rxBytes="38103" statTime="1393807860",appName="http",txBytes="200399",rxBytes="1444070" statTime="1393807860",appName="cnn.com",txBytes="198478",rxBytes="1557970" statTime="1393807860",appName="doubleclick",txBytes="5543",rxBytes="2598" statTime="1393807860",appName="truste",txBytes="1829",rxBytes="12208" statTime="1393807860",appName="washington_time",txBytes="2210",rxBytes="1401"The text was updated successfully, but these errors were encountered: