Hi. I'm trying to use STATE.HTTP to detect the User-Agent header of all my inbound Web traffic and parse the value of it to detect crawlers, robots, etc. Any suggestions?
It almost did. My previous attempts did not take in all the rules for Regular Expressions. Following your example I have configured the sensor, however packetd now refuses to start. I get "W WARNING suppressed while parsing global parameter" messages...
Check out NetForensics. They do IDS, PIX, IOS ACLS, etc. We demoed it here. It's got a heafty price tag and also a large administistrative demand, but I'm not aware of any competitor.