Snort mailing list archives

Re: Snort.org Blog: Snort 2.9.1 beta coming soon!


From: Joel Esler <jesler () sourcefire com>
Date: Mon, 13 Jun 2011 14:32:22 -0400

On Jun 13, 2011, at 2:16 PM, beenph wrote:
On Mon, Jun 13, 2011 at 12:45 PM, Joel Esler <jesler () sourcefire com> wrote:
On Jun 13, 2011, at 12:13 PM, Russ Combs wrote:

Does the HTTP, SMTP, etc. logging take place in its own thread, or
does it block the detection thread?

No - logging is in the main thread

It is included in the unified2 output file; use the u2spewfoo tool included
with Snort to see this.
Barnyard2 developers (Snorby et al.), if they want to include this output
in their tools, will have to update to handle this new output.
Joel

Barnyard2 currently does not log any of those Unified2ExtraDataHdr.
But it will be able to process files where Unified2ExtraDataHdr are present.

A consensus has to be made between frontend developers to determine how they
would like to have Unified2ExtraDataHdr data stored in their datastore.

How much interest would there be in the Barnyard2 folks maintaining the SQL schema for what *I* refer to as the "Snort db schema", currently included in /contrib inside the Snort tarball?

Joel