Snort mailing list archives
Re: [barnyard2-users] Re: Fwd: Missing packets with by2
From: beenph <beenph () gmail com>
Date: Tue, 24 Jul 2012 15:32:07 -0400
On Tue, Jul 24, 2012 at 3:13 PM, Jim Hranicky <jfh () ufl edu> wrote:
> On 07/24/2012 02:50 PM, beenph wrote:
>>> 1.10.2 - I have patched it to log event info straight to acid_event,
>>> but I wouldn't think that would interfere with inserting into the
>>> data table, but I suppose you never know.
>>
>> 1.10.2? Are you sure you're using barnyard2 and not barnyard?
>
> Yep, it's actually firnsy-barnyard2-f71a8d3 .
>
>> What's your by2 configuration?
>
> config reference_file: /etc/snort/reference.config
> config classification_file: /etc/snort/classification.config
> config gen_file: /etc/snort/gen-msg.map
> config sid_file: /etc/snort/sid-msg.map
> config hostname: <snorthost>
> config interface: eth0
> config dump_payload
> config dump_payload_verbose
> config verbose
> input unified2
> output database: log, mysql [...]
>
> Jim

Sorry for the confusion, 1.10.2 kind of put me into an interrogation mode.

Could you upgrade to latest 2-1.10
https://github.com/firnsy/barnyard2/tree/pre-stable
Commit ID: bdc39848ce.

A few lines of code have changed since then and I would like to see if it fixes the issue.

Nevertheless, if you are in a position to anonymise your unified2 file I wouldn't mind also taking a look if it can help you.

-elz