Snort mailing list archives
Re: Fwd: Re: barnyard2-1.10 major problem
From: beenph <beenph () gmail com>
Date: Thu, 25 Oct 2012 12:46:28 -0400
u2spewfoo show it as 1 event two packet. Look
sensor id: 0 event id: 1 event second: 1350903278 packet second: 1350903278 packet microsecond: 178786 linktype: 1 packet_length: 449
sensor id: 0 event id: 1 event second: 1350903278 packet second: 1350903278 packet microsecond: 300156 linktype: 1 packet_length: 381
You have it all wrong beenph! Just ask the guys at SF the above should be treated as a single event with 2 packets.
Its how its treated. 1 event 2 packet But with the current database schema its logged as two full event. The problem you highlight is not the spooler. It is the Default database schema. If you use that schema in your commercial activities you have to deal/understand with its restrictions. The new schema will handle this without an issue. In the meantime you can probably correlate this writing a smart query. Cheers, -elz ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Fwd: Re: barnyard2-1.10 major problem, (continued)
- Re: Fwd: Re: barnyard2-1.10 major problem beenph (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem Lawrence R. Hughes, Sr. (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem beenph (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem Lawrence R. Hughes, Sr. (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem beenph (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem Lawrence R. Hughes, Sr. (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem beenph (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem Lawrence R. Hughes, Sr. (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem beenph (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem Lawrence R. Hughes, Sr. (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem beenph (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem Lawrence R. Hughes, Sr. (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem beenph (Oct 25)
- Message not available
- Re: FW: Fwd: Re: barnyard2-1.10 major problem beenph (Oct 25)
- Re: Fwd: Re: barnyard2-1.10 major problem Safwat Fahmy (Oct 27)