Snort mailing list archives
Re: http_client_data and logging
From: beenph <beenph () gmail com>
Date: Thu, 26 May 2011 16:46:23 -0400
Yes there is an issue with tagged packets and barnyard2, im surprised it took a while for some people to notice it. Before friday i will write the fix, and forward it to firnsy. -elz On Thu, May 26, 2011 at 3:56 PM, Joel Esler <jesler () sourcefire com> wrote:
Thanks Eoin. On Thu, May 26, 2011 at 3:49 PM, Eoin Miller <eoin.miller () trojanedbinaries com> wrote:On 5/26/2011 2:58 PM, Joel Esler wrote:Eoin, Okay, let me talk with devel.JasonB asked me to check the unified2 file for further tagged packets. It looks like this is a barnyard2 or Sguil issue as one of those appears to be stripping off the subsequent tagged packets that Snort is appropriately logging into the unified2 output. Thanks for the intel and helping me troubleshoot this guys. -- Eoin------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- http_client_data and logging Eoin Miller (May 25)
- Re: http_client_data and logging James Lay (May 25)
- Re: http_client_data and logging Eoin Miller (May 26)
- Re: http_client_data and logging Joel Esler (May 26)
- Re: http_client_data and logging Eoin Miller (May 26)
- Re: http_client_data and logging Joel Esler (May 26)
- Re: http_client_data and logging Eoin Miller (May 26)
- Re: http_client_data and logging Joel Esler (May 26)
- Re: http_client_data and logging beenph (May 26)
- Re: http_client_data and logging Edward Fjellskål (May 26)
- Re: http_client_data and logging Eoin Miller (May 26)
- Re: http_client_data and logging James Lay (May 25)
- Re: http_client_data and logging Lay, James (May 26)