Snort mailing list archives

Re: Unified2 extra data


From: beenph <beenph () gmail com>
Date: Thu, 3 Jan 2013 09:33:05 -0500

On Thu, Jan 3, 2013 at 8:58 AM, Peter Bates <peter.bates () ucl ac uk> wrote:

<SNIP>

Is this extra information then understood by the likes of Barnyard2
and added to a database, or only viewable with u2spewfoo?
</SNIP>

EXTRA DATA records are read but not logged by barnyard2 2-1.x

There was a patch against 2-1.9 to log extra data to a modified db, but it
has not been ported to 2-1.1x.

You can always use u2spewfoo for now.


-elz


Thanks.
