Re: Fwd: Re: barnyard2-1.10 major problem

[beenph <beenph () gmail com>]

On Thu, Oct 25, 2012 at 9:40 AM, Lawrence R. Hughes, Sr.
<lhughes () safemedia com> wrote:
> Beenph,
>
> As you suggested yesterday to add the following:
>
>
> "add  --alert-on-each-packet-in-stream in your barnyard2 command line
> and it will work as expected."
>
> This does not work, I have a unified2 file from snort that has 4 packets
> along with the alert, but barnyard2-1.10 is only inserting the first packet
> into the snort.data table???

Whats is the barnyard2 command line do you use?

Also what is your unified2 output configuration in snort.conf?



> So far we have increased the CACHED_EVENTS_MAX  from 512 to 2048 and again
> to 4096  (did not help)
> added: --alert-on-each-packet-in-stream to barnyard2 command line (did not
> help).
>
> What do you suggest now to get barnyard2-1.10 to work as you say it should?
> BTW it never worked in barnyard2-1.8 either.
I can't say for 2-1.8.

-elz

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!