Re: http_client_data and logging

[Joel Esler <jesler () sourcefire com>]

Do you have a tagged packet?

Are you logging in pcap mode or unified2?



On Thu, May 26, 2011 at 10:18 AM, Eoin Miller <
eoin.miller () trojanedbinaries com> wrote:

> On 5/25/2011 11:21 PM, James Lay wrote:
> > Do you get the same results in the pcap versus unified?
> Haven't tried, most centralized database driven setups aren't pulling in
> the PCAP's, they are working with the Unified2 output and barnyard. This
> is turning into a real annoyance.
>
> -- Eoin
>
>
> ------------------------------------------------------------------------------
> vRanger cuts backup time in half-while increasing security.
> With the market-leading solution for virtual backup and recovery,
> you get blazing-fast, flexible, and affordable data protection.
> Download your free trial now.
> http://p.sf.net/sfu/quest-d2dcopy1
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery, 
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now. 
http://p.sf.net/sfu/quest-d2dcopy1

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users