Snort mailing list archives

Re: Offering a 64bit version of Snort for Windows?


From: beenph <beenph () gmail com>
Date: Wed, 31 Oct 2012 21:02:11 -0400

On Wed, Oct 31, 2012 at 8:29 PM, Michael Steele <michaels () winsnort com> wrote:
> In my snort.conf:
>
> output unified2: filename merged.log, limit 128
>
> This is the first time I've seen these entries.

There could be many reasons why this could happen.
Are you able to reproduce it with an empty log directory and restarting snort?

Or did someone send you a unified2 file?

What version of snort was used to produce that unified2 file?

But the essence of the message is that barnyard2 read a unified2 packet event
and it was sent to the output plugin, but since there is no cached
event or previously read event that matches,
processing will not go further, since we need a unified2 event (read
previously or cached) and a packet to log to the database.

You also might want to observe the unified2 file structure by using u2spewfoo.

-elz
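As an added illustration of the correlation elz describes (this is not code from the thread, from barnyard2 or from Snort), the following Python walks a unified2 byte stream, pairs each packet record with an event record seen earlier in the stream by (sensor_id, event_id, event_second), and reports packets that have no such event. Record type codes and field layouts follow Snort's Unified2_common.h; the sample stream is constructed here for the demonstration.

```python
import struct

# Record type codes from Snort's Unified2_common.h
UNIFIED2_PACKET = 2
EVENT_TYPES = {7, 72, 104, 105}  # IDS_EVENT, _IPV6, _V2, _IPV6_V2

def iter_records(data):
    """Yield (type, payload) per record. The Serial_Unified2_Header is two
    big-endian uint32s: record type, then payload length."""
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from("!II", data, off)
        off += 8
        if off + rlen > len(data):
            raise ValueError("truncated record at offset %d" % (off - 8))
        yield rtype, data[off:off + rlen]
        off += rlen

def correlate(data):
    """Return (matched, orphans): (sensor_id, event_id, event_second) keys of
    packet records that did / did not follow a matching event record. Both
    record kinds begin with those three fields, which barnyard2 pairs on."""
    seen, matched, orphans = set(), [], []
    for rtype, payload in iter_records(data):
        key = struct.unpack_from("!III", payload, 0)
        if rtype in EVENT_TYPES:
            seen.add(key)
        elif rtype == UNIFIED2_PACKET:
            (matched if key in seen else orphans).append(key)
    return matched, orphans

def _record(rtype, payload):
    return struct.pack("!II", rtype, len(payload)) + payload

def sample_stream():
    """Constructed sample: one legacy IDS event (type 7, 52-byte body) with
    its packet, then a packet whose event_id 99 was never seen."""
    event = struct.pack("!IIIIIIIIIIIHHBBBB",
                        1, 42, 1351731731, 0,    # sensor, event_id, sec, usec
                        2100498, 1, 7, 3, 2,     # sid, gid, rev, class, prio
                        0x0a000001, 0x0a000002,  # src, dst IPv4
                        34567, 80, 6, 0, 0, 0)   # sport, dport, proto, flags
    pkt = struct.pack("!IIIIIII", 1, 42, 1351731731, 1351731731, 500, 1, 4)
    orphan = struct.pack("!IIIIIII", 1, 99, 1351731731, 1351731731, 600, 1, 4)
    return (_record(7, event)
            + _record(UNIFIED2_PACKET, pkt + b"\xde\xad\xbe\xef")
            + _record(UNIFIED2_PACKET, orphan + b"\xca\xfe\xba\xbe"))
```

Running `correlate(sample_stream())` yields one matched key and one orphan, the latter being the situation barnyard2 reports in the message above; pointing `correlate` at the bytes of a real merged.log shows whether the file itself carries packets with no preceding event.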

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!