Snort mailing list archives

Port Mirroring


From: Asif Mohammed <asifm () hyve com>
Date: Fri, 26 Apr 2019 17:04:41 +0000

Hi,

I'm using Snort version 2.9.13 on a CentOS 7 server.
I have a VMware platform which is sending data via port mirroring from another cloud to this.

The data format comes as:

17:32:46.580008 IP <ESXiHostIP> > <SnortHostname>: GREv0, key=0x0, length 82: IP <My IP> > <End Client IP>: ICMP echo request, id 1, seq 17436, length 40

Because of the original data with ESXiHostIP and SnortHostname, barnyard2 is putting that into the MySQL database, so the data is always incorrect.


Could we maybe get snort to ignore anything before :
Or maybe even barnyard2 to ignore anything before : and use everything after it?

Thanks
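
The tcpdump line in the message shows the mirrored traffic arriving inside a GREv0 tunnel with the key field present, so the addresses at the front of each packet are the tunnel endpoints and the monitored flow starts after the GRE header. The following is an added example, not code from the poster or from Snort or barnyard2, showing where the inner addresses sit; the function names and the documentation-range addresses in the sample packet are constructed for illustration.

```python
import socket
import struct

GRE_PROTO = 47            # IPv4 protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE payload type for an inner IPv4 packet

def ipv4_header(pkt):
    """Return (header_len, protocol, src, dst) for an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    return ihl, pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])

def gre_header_len(gre):
    """Return (header_len, payload_ethertype) for a GREv0 header (RFC 2784/2890)."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", gre[:4])
    if flags & 0x4007:  # routing bit or non-zero version: not handled here
        raise ValueError("unsupported GRE header")
    # Each optional field (checksum, key, sequence) adds 4 bytes when its flag is set.
    length = 4 + sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    return length, proto

def inner_flow(pkt):
    """Return (outer, inner) address pairs; inner is None unless IPv4-in-GRE."""
    ihl, proto, src, dst = ipv4_header(pkt)
    if proto != GRE_PROTO:
        return (src, dst), None
    glen, ethertype = gre_header_len(pkt[ihl:])
    if ethertype != ETHERTYPE_IPV4:
        return (src, dst), None
    _, _, isrc, idst = ipv4_header(pkt[ihl + glen:])
    return (src, dst), (isrc, idst)

def _ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (checksum left at 0; sample data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def build_sample():
    """Constructed packet shaped like the tcpdump line: IP / GREv0 key=0 / IP / ICMP echo."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 17436)
    inner = _ipv4(1, "198.51.100.5", "203.0.113.7", icmp)
    gre = struct.pack("!HHI", 0x2000, ETHERTYPE_IPV4, 0)  # key flag set, key=0x0
    return _ipv4(GRE_PROTO, "192.0.2.10", "192.0.2.20", gre + inner)
```

Calling `inner_flow(build_sample())` returns the tunnel endpoints as the outer pair and the mirrored flow as the inner pair, which is the distinction the database entries in the message are missing.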
