Re: Fwd: Re: barnyard2-1.10 major problem

["Lawrence R. Hughes, Sr." <lhughes () safemedia com>]

Beenph,

Running the command line you suggested using that file, the results were one 
(1) event with the first packet from unified2 file.
Barnyard2 did not insert the second packet of the same event into the 
snort.data table.

Thanks,
Larry

----- Original Message ----- 
From: "beenph" <beenph () gmail com>
To: "Lawrence R. Hughes, Sr." <lhughes () safemedia com>
Cc: <barnyard2-users () googlegroups com>; "snort-users" 
<snort-users () lists sourceforge net>
Sent: Thursday, October 25, 2012 10:07 AM
Subject: Re: [Snort-users] Fwd: Re: barnyard2-1.10 major problem


> On Thu, Oct 25, 2012 at 10:00 AM, Lawrence R. Hughes, Sr.
> <lhughes () safemedia com> wrote:
> > Beenph,
> >
> > barnyard2-1.10 command line:
> >    /smlog/barnyard2/bin/barnyard2 -eDUqc 
> > /smlog/barnyard2/etc/barnyard2.conf
> > --alert-on-each-packet-in-stream --pid-path /smlog/ -l 
> > /smlog/logs/barnyard2
> > -d /smlog/logs -f snort.log -w /smlog/logs/snort.waldo &
> > snort.conf:
> >    output unified2: filename snort.log, limit 128
> Did you try your command line with the file you sent to the list?
> Did you get 2 events logged from that unified2 file?
>
>
> -elz


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!