Snort mailing list archives

Re: [barnyard2-users] Re: Offering a 64bit version of Snort for Windows?


From: beenph <beenph () gmail com>
Date: Thu, 1 Nov 2012 07:31:31 -0400

On Wed, Oct 31, 2012 at 11:54 PM, Michael Steele <michaels () winsnort com> wrote:
Attached is what is showing in the console window when the warning is
displayed. It looks like the warning is about a port 1025

Also the log file.

Michael...

Seems like in your use context sfPortscan is very verbose and it's
reaching barnyard2's default CACHED_MAX_EVENT (256)
defined in spooler.c;
you can edit spooler.c and set CACHED_MAX_EVENT to something around 2048.

And with the version of barnyard2 you're using you might want to add
--alert-on-each-packet-in-stream to the command line.

--alert-on-each-packet-in-stream is the default in 2-1.11, and the
configuration directive config cache_max_event is available in the
config file.

With those changes you will still get an error printed by barnyard2:
XXXXX: Invoked with Packet[0x0] Event[0x6a49e0] Event Type [7] Context
pointer[0x6abb90]

This is related to the following event present in the unified2 file
that has no packet
(Event)
        sensor id: 0    event id: 302   event second: 1351741030   event microsecond: 722224
        sig id: 18608   gen id: 1       revision: 5      classification: 33
        priority: 1     ip source: 10.0.0.3     ip destination: XXX.XXX.XXX.XXX
        src port: 59150 dest port: 80   protocol: 6     impact_flag: 0   blocked: 0


2-1.11 should be released before the end of the week.

Cheers
-elz
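As an added illustration of the event-without-packet condition discussed in the message above (this is not code from barnyard2, Snort or the mail's author), the following Python script walks a unified2 byte stream, pairs each UNIFIED2_PACKET record with the UNIFIED2_IDS_EVENT it references by (sensor id, event id, event second), and lists the events that never received a packet record. Record layouts follow the unified2 format documented in the Snort manual; the sample spool, the 192.0.2.10 destination, the gen 122 event and the "pending" counter are constructed assumptions, and the counter is only a simplified stand-in that shows why a chatty preprocessor can pile up events awaiting packets, not a model of barnyard2's own cache logic.

```python
"""Walk a unified2 spool and flag events that have no packet record.

Added example, not barnyard2 or Snort code. Record layouts follow the
unified2 format in the Snort manual; all sample records are constructed.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

UNIFIED2_PACKET = 2       # packet record: 28-byte fixed part + packet bytes
UNIFIED2_IDS_EVENT = 7    # IPv4 event record, 52-byte body (the "Event Type [7]" in the mail)

_HDR = struct.Struct("!II")                   # record type, record length
_EVENT = struct.Struct("!IIIIIIIIIIIHHBBBB")  # 11 x u32, 2 x u16, 4 x u8 = 52 bytes
_PACKET = struct.Struct("!IIIIIII")           # sensor, event id, event sec, pkt sec, pkt usec, linktype, pkt len


@dataclass
class Event:
    sensor_id: int
    event_id: int
    event_second: int
    event_usec: int
    sig_id: int
    gen_id: int
    rev: int
    classification: int
    priority: int
    src: int
    dst: int
    sport: int
    dport: int
    proto: int
    impact_flag: int
    impact: int
    blocked: int
    packets: int = 0  # packet records matched to this event so far

    def key(self) -> Tuple[int, int, int]:
        # Packet records refer back to their event through this triple.
        return (self.sensor_id, self.event_id, self.event_second)

    def describe(self) -> str:
        return (f"{self.gen_id}:{self.sig_id}:{self.rev} "
                f"{ipaddress.IPv4Address(self.src)}:{self.sport} -> "
                f"{ipaddress.IPv4Address(self.dst)}:{self.dport} proto {self.proto}")


@dataclass
class Parsed:
    events: List[Event]
    max_pending: int  # simplified: most events waiting for a packet at one time


def parse_unified2(data: bytes) -> Parsed:
    events: List[Event] = []
    by_key: Dict[Tuple[int, int, int], Event] = {}
    pending = max_pending = 0
    off = 0
    while off < len(data):
        if off + _HDR.size > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        rtype, rlen = _HDR.unpack_from(data, off)
        body = data[off + _HDR.size: off + _HDR.size + rlen]
        if len(body) != rlen:
            raise ValueError(f"truncated record body at offset {off}")
        if rtype == UNIFIED2_IDS_EVENT:
            ev = Event(*_EVENT.unpack_from(body))
            events.append(ev)
            by_key[ev.key()] = ev
            pending += 1
            max_pending = max(max_pending, pending)
        elif rtype == UNIFIED2_PACKET:
            sensor_id, event_id, event_second, _, _, _, pkt_len = _PACKET.unpack_from(body)
            if len(body) != _PACKET.size + pkt_len:
                raise ValueError(f"packet length mismatch at offset {off}")
            ev = by_key.get((sensor_id, event_id, event_second))
            if ev is not None:
                if ev.packets == 0:
                    pending -= 1
                ev.packets += 1
        # Other record types (extra data, IPv6 events, ...) are skipped by length.
        off += _HDR.size + rlen
    return Parsed(events, max_pending)


def events_without_packet(parsed: Parsed) -> List[Event]:
    return [e for e in parsed.events if e.packets == 0]


# --- constructed sample spool (not a real capture) --------------------------
def event_record(event_id, sig_id, gen_id=1, rev=5, classification=33, priority=1,
                 src="10.0.0.3", dst="192.0.2.10", sport=59150, dport=80, proto=6,
                 second=1351741030, usec=722224) -> bytes:
    body = _EVENT.pack(0, event_id, second, usec, sig_id, gen_id, rev, classification,
                       priority, int(ipaddress.IPv4Address(src)),
                       int(ipaddress.IPv4Address(dst)), sport, dport, proto, 0, 0, 0)
    return _HDR.pack(UNIFIED2_IDS_EVENT, len(body)) + body


def packet_record(event_id, payload=b"\x00" * 60, second=1351741030) -> bytes:
    body = _PACKET.pack(0, event_id, second, second, 0, 1, len(payload)) + payload
    return _HDR.pack(UNIFIED2_PACKET, len(body)) + body


# Event 302 is modeled on the packet-less event quoted in the mail; 303 is a
# hypothetical gen 122 (sfPortscan) event, also without a packet record.
SAMPLE = b"".join([
    event_record(301, 1000001), packet_record(301),
    event_record(302, 18608),
    event_record(303, 1000002, gen_id=122),
    event_record(304, 1000003), packet_record(304),
])

if __name__ == "__main__":
    parsed = parse_unified2(SAMPLE)
    print(f"events: {len(parsed.events)}, max pending: {parsed.max_pending}")
    for e in events_without_packet(parsed):
        print(f"no packet for event {e.event_id}: {e.describe()}")
```

Run against a real spool (`parse_unified2(open("snort.log.1351741030", "rb").read())`, path assumed) to see which generators produce events that never get a packet; those are the records a spooler has to handle on their own rather than wait on.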

Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel