Snort mailing list archives
Re: Why can't I see tcp flags for a triggered alert (snort+base)
From: John Huss <john.huss () thebunker net>
Date: Fri, 23 Jan 2009 11:27:53 +0000
Good Morning,

pieter claassen wrote:
> Just one thing, don't run snort with mysql compiled in it because you might get performance issues and snort will block when it cannot log to the DB. Barnyard is designed to decouple the IDS/IPS function from network or db issues.
>
> Pieter

Ah ok, I didn't know that, thank you Pieter. I'll try that now.

Progress report: I did upgrade from 2.6.1.3-r1 to 2.6.1.4 by unmasking the ebuild but with barnyard I'm still not seeing the tcp header options being set. I don't really want to get the source .tar.gz from the snort website to try it as I'd like to stick with portage but I think I might have to try it soon if I can't get the tcp header options to be set.

Will report back any developments.

Thanks again to everyone for their kind help, it is very appreciated.

Best Regards,
Johnny
Current thread:
- Why can't I see tcp flags for a triggered alert (snort+base) John Huss (Jan 21)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) Joel Esler (Jan 21)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) John Huss (Jan 21)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) John Huss (Jan 22)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) Joel Esler (Jan 22)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) John Huss (Jan 22)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) Joel Esler (Jan 22)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) John Huss (Jan 23)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) pieter claassen (Jan 23)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) John Huss (Jan 23)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) Joel Esler (Jan 23)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) John Huss (Jan 21)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) Joel Esler (Jan 21)
- Re: Why can't I see tcp flags for a triggered alert (snort+base) Shirk Dog (Jan 22)