Re: Snort 2.8 Beta Available on CVS

["Justin Heath" <justin.heath () gmail com>]

We do not maintain barnyard, so I don't know if someone will update it
to support unified2. However, it shouldn't be hard to update anything
that worked with Unified1 to work with Unified2. Check spo_unified2.c
spo_unified2.h. IMHO, its even easier to work with since everything is
in network byte order.

I don't believe there are any plans at this point to update the
database output plugin for IPv6 support.


Cheers,
Justin


On 8/31/07, Dirk Geschke <Dirk_Geschke () genua de> wrote:
> Hi Justin,
>
> > Unified2 supports IPv6.
>
> yes, but this does not answer the question how this will fit in
> the database.
>
> I guess barnyard is not able to work with unified2, or? And if so there
> is still the question how (or where) to insert IPv6 alerts.
>
> Maybe we have to extend the database scheme by an IpHdr6 table and a field
> where we mention which IP version belongs to the alert so that we can check
> the right tables? And I think we need also fields for header extensions...
>
> I think this is not a big deal but one has to find a scheme which can be
> used by all and should not break with the old one. Or we schould create
> a complete new scheme?
>
> Best regards
>
> Dirk

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users