Snort mailing list archives
Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs
From: Jason Brvenik <jason.brvenik () sourcefire com>
Date: Fri, 7 Oct 2011 22:17:57 -0400
I'm sure one of the devs will know better but I want to say it has been years. On Oct 7, 2011 10:15 PM, <Joshua.Kinard () us-cert gov> wrote:
-----Original Message-----
From: Jason Brvenik [mailto:jason.brvenik () sourcefire com]
Sent: Friday, October 07, 2011 8:51 PM
Subject: Re: [Snort-devel] 'only_stream' (and other alternate decode buffers) do not write out data to the logs

AFAIK pseudo packet logging is gone and has been for a while. The only output method that supports this (differently, mind you) is unified2. If you log to unified2 it will log the event and the packet(s) that made up the event. In your case these should be the packets that created the reassembled pseudo packet.

Interesting. Do you know of a particular date this might have happened around? I'd like to go dig into CVS and maybe re-integrate the code and try it out. Could've been a problem with it initially that forced the removal.

I haven't played with unified2 that much. I typically just log to straight libpcap files and analyze them in Wireshark.

Thanks!,
--J
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
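Jason's point above is that unified2 records the event and then the packet(s) that made up the event, keyed so they can be tied back together, which is what Joshua needs if he wants the constituent packets of a reassembled pseudo packet in a pcap for Wireshark. The following is an added example, not code from this thread or from Snort: it walks a unified2 stream, pairs each legacy IPv4 IDS event record (type 7) with the packet records (type 2) that share its sensor_id, event_id and event_second, and serialises those packets as a classic pcap. The record layouts follow Snort's Unified2_common.h (Unified2IDSEvent_legacy, Unified2Packet, all fields network byte order); the sample stream, the event/packet values in it and the placeholder frames are constructed for the example.

```python
"""Pair Snort unified2 IDS events with their packet records and emit a pcap.

Added example, not Snort's own code. Record layouts are those of
Unified2IDSEvent_legacy (type 7) and Unified2Packet (type 2) from
Unified2_common.h; other record types are skipped.
"""
import struct
from collections import OrderedDict

UNIFIED2_PACKET = 2        # Unified2Packet record
UNIFIED2_IDS_EVENT = 7     # Unified2IDSEvent_legacy record (IPv4)

REC_HDR = struct.Struct("!II")             # uint32 type, uint32 length
EVENT_LEGACY = struct.Struct("!11I2H4B")   # 52-byte legacy IPv4 event
PKT_HDR = struct.Struct("!7I")             # 28 bytes preceding packet_data
EVENT_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
                "signature_id", "generator_id", "signature_revision",
                "classification_id", "priority_id", "ip_source",
                "ip_destination", "sport_itype", "dport_icode", "protocol",
                "impact_flag", "impact", "blocked")
PKT_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
              "packet_microsecond", "linktype", "packet_length")


def iter_records(data):
    """Yield (type, body) for each record; a partial record is an error."""
    off = 0
    while off + REC_HDR.size <= len(data):
        rtype, rlen = REC_HDR.unpack_from(data, off)
        off += REC_HDR.size
        body = data[off:off + rlen]
        if len(body) != rlen:
            raise ValueError("truncated record at offset %d" % off)
        yield rtype, body
        off += rlen


def parse_event(body):
    if len(body) < EVENT_LEGACY.size:
        raise ValueError("short event record")
    return dict(zip(EVENT_FIELDS, EVENT_LEGACY.unpack_from(body)))


def parse_packet(body):
    pk = dict(zip(PKT_FIELDS, PKT_HDR.unpack_from(body)))
    pk["data"] = body[PKT_HDR.size:PKT_HDR.size + pk["packet_length"]]
    if len(pk["data"]) != pk["packet_length"]:
        raise ValueError("packet_length exceeds record length")
    return pk


def event_key(rec):
    # Snort ties packet records to their event by these three fields.
    return (rec["sensor_id"], rec["event_id"], rec["event_second"])


def group_events(data):
    """Map each event key to its event dict and the packet records tied to it."""
    events = OrderedDict()
    for rtype, body in iter_records(data):
        if rtype == UNIFIED2_IDS_EVENT:
            ev = parse_event(body)
            events.setdefault(event_key(ev), {"event": ev, "packets": []})
        elif rtype == UNIFIED2_PACKET:
            pk = parse_packet(body)
            k = event_key(pk)
            if k in events:          # packets whose event is not in this file are dropped
                events[k]["packets"].append(pk)
    return events


def to_pcap(packets, snaplen=65535):
    """Serialise packet records as a classic little-endian pcap (DLT from the first record)."""
    if not packets:
        return b""
    linktype = packets[0]["linktype"]
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)]
    for pk in packets:
        if pk["linktype"] != linktype:
            raise ValueError("mixed link types in one pcap")
        out.append(struct.pack("<IIII", pk["packet_second"], pk["packet_microsecond"],
                               len(pk["data"]), len(pk["data"])))
        out.append(pk["data"])
    return b"".join(out)


def build_sample():
    """Constructed stream: one event followed by the two frames that fed the
    reassembled pseudo packet it fired on. All values and frames are made up."""
    def rec(rtype, body):
        return REC_HDR.pack(rtype, len(body)) + body
    sensor, eid, sec = 1, 42, 1317996957
    event = EVENT_LEGACY.pack(sensor, eid, sec, 123456, 1000001, 1, 3, 0, 2,
                              0x0A000001, 0x0A000002, 40000, 80, 6, 0, 0, 0)
    frames = [b"\xaa" * 14 + b"GET /index.html HTTP/1.1\r\nHost: ",   # placeholder Ethernet header
              b"\xaa" * 14 + b"example.test\r\n\r\n"]
    pkts = [PKT_HDR.pack(sensor, eid, sec, sec, 123000 + i, 1, len(f)) + f
            for i, f in enumerate(frames)]
    return rec(UNIFIED2_IDS_EVENT, event) + b"".join(rec(UNIFIED2_PACKET, p) for p in pkts)


if __name__ == "__main__":
    for k, grp in group_events(build_sample()).items():
        ev = grp["event"]
        print("event %r sid %d:%d -> %d packets, %d pcap bytes" % (
            k, ev["generator_id"], ev["signature_id"],
            len(grp["packets"]), len(to_pcap(grp["packets"]))))
```

Pointing `group_events` at a real `snort.log.*` file and writing `to_pcap(grp["packets"])` per event gives one pcap per alert containing the original wire packets behind the reassembled buffer; packets whose event record landed in a previous rotated file are skipped rather than misattributed.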
Current thread:
- 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard (Oct 07)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joel Esler (Oct 07)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard (Oct 07)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Jason Brvenik (Oct 12)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard (Oct 07)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Steven Sturges (Oct 08)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joel Esler (Oct 08)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard (Oct 12)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Jason Brvenik (Oct 12)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard (Oct 07)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joel Esler (Oct 07)