Snort mailing list archives

Re: Unified2 Missing event record


From: Ron H via Snort-devel <snort-devel () lists snort org>
Date: Tue, 16 Jul 2019 19:50:03 +0300

More details:
Our application creates pcap files from Snort unified2 output.
The application reads unified2 records (Event record and Packet record).
The issue is that Snort frequently writes unified2 files without an event record
(only a Packet record).

Can this situation be normal?

Thanks,
Ron :)


On Tue, Jul 16, 2019 at 7:42 PM Ron H <ronh.work () gmail com> wrote:

UP! :)
Does someone know this issue?

On Mon, Jul 8, 2019 at 7:31 PM Ron H <ronh.work () gmail com> wrote:

Hey Snort devel,

We have an issue with Snort Unified2 output.
Snort writes a packet record without writing an event record.
This issue happens frequently.

Our Snort version is *2.9.11.1*
Snort runs on an Ubuntu 16.04 Docker container

We would be grateful for any assistance.
Thanks!
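
Added example (not part of the original thread, and not Snort project code): a Python check that walks a unified2 stream and lists packet records whose (sensor_id, event_id) has no earlier event record in the same stream, which is the condition described in the messages above. It assumes the Snort 2.9 unified2 layout (8-byte big-endian type/length header, packet type 2, IDS event types 7, 72, 104 and 105, record bodies starting with sensor_id and event_id); the function names and the sample bytes are constructed for illustration.

```python
import struct
from io import BytesIO

# Record type codes for the assumed Snort 2.9 unified2 layout (see lead-in).
PACKET = 2
EVENT_TYPES = {7, 72, 104, 105}  # IDS event: IPv4, IPv6, IPv4+VLAN, IPv6+VLAN


def read_records(stream):
    """Yield (type, body) per record; stop cleanly at a truncated tail."""
    while True:
        header = stream.read(8)
        if len(header) < 8:
            return
        rtype, length = struct.unpack(">II", header)
        body = stream.read(length)
        if len(body) < length:
            return  # the writer may not have finished this record yet
        yield rtype, body


def orphan_packets(stream):
    """Return (sensor_id, event_id) of packet records with no earlier event record."""
    seen, orphans = set(), []
    for rtype, body in read_records(stream):
        if len(body) < 8 or (rtype != PACKET and rtype not in EVENT_TYPES):
            continue  # extra-data and unknown record types are skipped
        key = struct.unpack(">II", body[:8])  # sensor_id, event_id lead both layouts
        if rtype in EVENT_TYPES:
            seen.add(key)
        elif key not in seen:
            orphans.append(key)
    return orphans


def _record(rtype, sensor_id, event_id, rest=b""):
    """Build one constructed record: header plus a body of ids and filler."""
    body = struct.pack(">II", sensor_id, event_id) + rest
    return struct.pack(">II", rtype, len(body)) + body


# Constructed sample: event 1 with its packet, then a packet for event 2
# that has no event record in front of it.
SAMPLE = (_record(7, 0, 1, b"\x00" * 44) + _record(PACKET, 0, 1, b"\x00" * 20)
          + _record(PACKET, 0, 2, b"\x00" * 20))

if __name__ == "__main__":
    print(orphan_packets(BytesIO(SAMPLE)))
```

Feeding the files of one sensor through `orphan_packets` in write order, as a single concatenated stream, shows whether a packet's event record is absent altogether or only sits in an earlier file.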