Snort mailing list archives

Fwd: Re: barnyard2-1.10 major problem


From: Jack <kingofnerds () gmail com>
Date: Thu, 25 Oct 2012 09:13:44 -0400

---------- Forwarded message ----------
From: "Jack" <kingofnerds () gmail com>
Date: Oct 25, 2012 9:11 AM
Subject: Re: [Snort-users] barnyard2-1.10 major problem
To: "beenph" <beenph () gmail com>

Last time I enabled the alert on each packet, I just got more alerts. What
I think is being requested is to have all the packets in a single alert for
one event.
On Oct 24, 2012 12:38 PM, "beenph" <beenph () gmail com> wrote:

On Wed, Oct 24, 2012 at 12:03 PM, Lawrence R. Hughes, Sr.
<lhughes () safemedia com> wrote:
Here is our response to Firnsy:

OK, but this was actually an e-mail I wrote, so maybe that's where the
confusion comes from.

----- Original Message ----- From: "Lawrence R. Hughes, Sr."
<lhughes () safemedia com>
To: "firnsy" <firnsy () securixlive com>
Cc: "safwat fahmy" <safwat.fahmy () safemedia com>
Sent: Monday, October 22, 2012 12:08 PM
Subject: Re: barnyard2-1.10 build 310


Hi Firnsy,

Not sure what you wanted me to do with u2_anon (packaged as a Windows zip
w/src code).
Can't compile Windows source code.

For your information, u2_anon is written for *nix; the GitHub default
download file is zip.
But you won't need it.


We made the change you suggested (increase CACHED_EVENTS_MAX).

This did not help!!

I am attaching the org. snort unified2 file and you will see one event with
2 packets,
however by2 only inserted the first packet and this happened after we
modified by2 as you suggested.


Add --alert-on-each-packet-in-stream in your barnyard2 command line
and it will work as expected.

-elz


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!