Snort mailing list archives

Re: Fwd: Re: barnyard2-1.10 major problem


From: "Safwat Fahmy" <safwat.fahmy () safemedia com>
Date: Thu, 25 Oct 2012 13:05:19 -0400

Can you please explain to me how the schema causes this issue if BY2 delivers
2 separate events, not one event with two assembled packets?

This might help me understand better to find a workaround.

Safwat 







-----Original Message-----
From: beenph [mailto:beenph () gmail com] 
Sent: Thursday, October 25, 2012 12:46 PM
To: Lawrence R. Hughes, Sr.
Cc: barnyard2-users () googlegroups com; snort-users
Subject: Re: [Snort-users] Fwd: Re: barnyard2-1.10 major problem

u2spewfoo shows it as 1 event, two packets.

Look
       sensor id: 0    event id: 1     event second: 1350903278
       packet second: 1350903278       packet microsecond: 178786
       linktype: 1     packet_length: 449

       sensor id: 0    event id: 1     event second: 1350903278
       packet second: 1350903278       packet microsecond: 300156
       linktype: 1     packet_length: 381


You have it all wrong beenph!
Just ask the guys at SF: the above should be treated as a single event with
2 packets.

It's how it's treated.

1 event 2 packet

But with the current database schema it's logged as two full events.

The problem you highlight is not the spooler. It is the default
database schema.
If you use that schema in your commercial activities you have to
deal with/understand its restrictions.

The new schema will handle this without an issue. In the meantime you
can probably correlate this by writing a smart query.

Cheers,
-elz

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!
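As an added example (not from this thread and not barnyard2's own code): a constructed sqlite3 stand-in for the relevant part of the legacy schema, loaded with the two packet records from the u2spewfoo dump above, plus the kind of "smart query" elz suggests for collapsing them back into one logical event. Assumptions: the default schema keys rows on (sid, cid) and has no column for the unified2 event id, and the signature id 1000001 is a constructed value.

```python
import sqlite3

# Constructed stand-in for the legacy barnyard2 schema (assumption: rows are
# keyed on (sid, cid) and the unified2 event id is not stored anywhere, so
# every packet record of one event lands in its own event/data row).
SCHEMA = """
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER,
                    timestamp INTEGER, PRIMARY KEY (sid, cid));
CREATE TABLE data  (sid INTEGER, cid INTEGER, data_payload TEXT,
                    PRIMARY KEY (sid, cid));
"""

# The two unified2 packet records shown by u2spewfoo in the thread: same
# sensor id, event id and event second, different packet microseconds.
U2_RECORDS = [
    {"sensor_id": 0, "event_id": 1, "event_second": 1350903278,
     "packet_usec": 178786, "packet_length": 449},
    {"sensor_id": 0, "event_id": 1, "event_second": 1350903278,
     "packet_usec": 300156, "packet_length": 381},
]
SIGNATURE = 1000001  # constructed signature id shared by both records


def load_like_legacy_schema(conn, records, signature):
    """Insert one full event row per packet record, cid incrementing per
    record: this is the 'two full events' behaviour described in the thread."""
    for cid, rec in enumerate(records, start=1):
        conn.execute("INSERT INTO event VALUES (?,?,?,?)",
                     (rec["sensor_id"], cid, signature, rec["event_second"]))
        conn.execute("INSERT INTO data VALUES (?,?,?)",
                     (rec["sensor_id"], cid, "x" * rec["packet_length"]))


def correlate(conn):
    """Collapse rows sharing sensor, signature and event second into one
    logical event: returns (sid, signature, timestamp, n_packets, cids)."""
    rows = conn.execute("""
        SELECT sid, signature, timestamp, COUNT(*), GROUP_CONCAT(cid)
        FROM event
        GROUP BY sid, signature, timestamp
        HAVING COUNT(*) > 1
        ORDER BY sid, timestamp""").fetchall()
    return [(sid, sig, ts, n, sorted(int(c) for c in cids.split(",")))
            for sid, sig, ts, n, cids in rows]


def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    load_like_legacy_schema(conn, U2_RECORDS, SIGNATURE)
    raw_rows = conn.execute("SELECT COUNT(*) FROM event").fetchone()[0]
    return raw_rows, correlate(conn)
```

The caveat with this workaround is that grouping on (sid, signature, timestamp) also merges genuinely distinct events that fire for the same rule within the same second, so it only approximates what the stored unified2 event id would give.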

