[Snort-devel] Clue needed

Erek Adams erek at ...105...
Sat Jan 27 15:20:17 EST 2001


Ok, I'm a bit confused by this...

I've got tcpdump logs of network data.  Running these logs thru gives me the
same thing:  Header info and perhaps 10 bytes of the packet dump.  Now what's
odd is when I'm recording the packets, I can see (snort -vd) that the entire
packet is there and can be decoded.  The entire packet gets logged into MySQL
just fine.  But when I try to pull the same packet out of the binary logs, I
don't think that I'm getting all of the payload.

Am I expecting the wrong thing?  Do I need to be clued?

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net




