Snort mailing list archives

Meaning of GENERATOR_TAG and TAG_LOG_PKT


From: Nitram Eppank <schokoladenriese () googlemail com>
Date: Fri, 25 Mar 2011 14:07:46 +0100

The spo_unified output plugin makes use of generator id GENERATOR_TAG and
signature id TAG_LOG_PKT when processing a rebuilt packet.
Comments in the spo_unified2 output plugin suggest this is bad and must not
be done. Why was this done in spo_unified; what was/is the meaning of
GENERATOR_TAG and TAG_LOG_PKT? I understand segments after the first segment
are written away as events with this generator; but where is this processed?
It looks to me like barnyard, for example, doesn't handle this case in any
special way. In my database I don't have a single event with this generator
so it seems this code fragment has not been executed, even though I have
stream5 enabled. Can someone shed some light on that?
Thanks
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
