
Extra Data Configurations

Unified2 also has logging support for various extra data. The following configuration items will enable these extra data logging facilities.

config log_ipv6_extra_data

This option enables Snort to log IPv6 source and destination addresses as unified2 extra data events.

See section 2.1.3 for more information

enable_xff

This option enables HTTP Inspect to parse and log the original client IP present in the X-Forwarded-For or True-Client-IP HTTP request headers along with the generated events.

See section 2.2.6 for more information

log_uri

This option enables HTTP Inspect to parse and log the URI data from the HTTP request and log it along with all the generated events for that session.

See section 2.2.6 for more information

log_hostname

This option enables HTTP Inspect to parse and log the Host header data from the HTTP request and log it along with all the generated events for that session.

See section 2.2.6 for more information

log_mailfrom

This option enables the SMTP preprocessor to parse and log the sender's email address extracted from the "MAIL FROM" command along with all the generated events for that session.

See section 2.2.7 for more information

log_rcptto

This option enables the SMTP preprocessor to parse and log the recipient's email address extracted from the "RCPT TO" command along with all the generated events for that session.

See section 2.2.7 for more information

log_filename

This option enables the SMTP preprocessor to parse and log the MIME attachment filenames extracted from the Content-Disposition header within the MIME body along with all the generated events for that session.

See section 2.2.7 for more information

log_email_hdrs

This option enables the SMTP preprocessor to parse and log the SMTP email headers extracted from the SMTP data along with all the generated events for that session.

See section 2.2.7 for more information
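
The options above belong in three different places in snort.conf: a global config line, the HTTP Inspect server configuration, and the SMTP preprocessor configuration. The fragment below is an added example, not taken from the manual, showing each option in its stanza; the port lists, the unicode.map arguments and the output file name are assumptions to adapt to the sensor.

```conf
# Global option: log IPv6 source/destination addresses as extra data.
config log_ipv6_extra_data

# HTTP Inspect: the global stanza must precede any server stanza.
preprocessor http_inspect: global iis_unicode_map unicode.map 1252

# HTTP Inspect server options: original client IP (X-Forwarded-For or
# True-Client-IP), request URI and Host header.
preprocessor http_inspect_server: server default \
    profile all ports { 80 8080 } \
    enable_xff \
    log_uri \
    log_hostname

# SMTP preprocessor options: MAIL FROM sender, RCPT TO recipient,
# MIME attachment filenames and SMTP email headers.
preprocessor smtp: ports { 25 587 } \
    log_mailfrom \
    log_rcptto \
    log_filename \
    log_email_hdrs

# Extra data is only written when a unified2 output is configured.
output unified2: filename snort.u2, limit 128
```

The logged URI, Host header, addresses and email headers are sensitive in their own right, so the unified2 files need the same access controls and retention handling as any other log that holds user data.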


Eugene Misnik 2013-05-08