Snort mailing list archives

Help


From: Carlos Alberto Llano Rodriguez <carlos_llano () hotmail com>
Date: Thu, 28 Apr 2016 20:04:04 +0000


Hi everyone!

I need your help please. I have an old issue with my Snort 2.9.7.0. In the past I worked with Snort 2.9.2 and we modified
Snort to force it to log all the packets related to an event, even if they are already logged with another event.

In

src/preprocessors/Stream5/snort_stream5_tcp.c

we used ss->buffered = SL_BUF_DUMPED;

Now I'm working with 2.9.7.0 (one year approx.), and I need the same feature.

I've seen that the first packet is not related to the event; the event is related to an event later. The packet
appears later with another event.

Please, my question is: in this version, how can I force Snort to log all the packets related to an event, even if
they are already logged with another event?

Thank you very much for your attention and help!

Carlos Llano
Cali - Colombia
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
