Snort mailing list archives
Re: http_client_data and logging
From: "Lay, James" <james.lay () wincofoods com>
Date: Thu, 26 May 2011 08:50:44 -0600
Ah....that's something I would try then....log to pcap, log to unified2, and log to alert.fast maybe for a test...this way you may see something in one, that may not be in the other. James
-----Original Message----- From: Eoin Miller [mailto:eoin.miller () trojanedbinaries com] Sent: Thursday, May 26, 2011 8:19 AM To: James Lay Cc: Snort Subject: Re: [Snort-users] http_client_data and logging On 5/25/2011 11:21 PM, James Lay wrote:Do you get the same results in the pcap versus unified?Haven't tried, most centralized database driven setups aren't pulling
in the
PCAP's, they are working with the Unified2 output and barnyard. This
is
turning into a real annoyance. -- Eoin
------------------------------------------------------------------------ ----
-- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you
get
blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- http_client_data and logging Eoin Miller (May 25)
- Re: http_client_data and logging James Lay (May 25)
- Re: http_client_data and logging Eoin Miller (May 26)
- Re: http_client_data and logging Joel Esler (May 26)
- Re: http_client_data and logging Eoin Miller (May 26)
- Re: http_client_data and logging Joel Esler (May 26)
- Re: http_client_data and logging Eoin Miller (May 26)
- Re: http_client_data and logging Joel Esler (May 26)
- Re: http_client_data and logging beenph (May 26)
- Re: http_client_data and logging Edward Fjellskål (May 26)
- Re: http_client_data and logging Eoin Miller (May 26)
- Re: http_client_data and logging James Lay (May 25)
- Re: http_client_data and logging Lay, James (May 26)