[Snort-devel] Clue needed
erek at ...105...
Sat Jan 27 15:20:17 EST 2001
Ok, I'm a bit confused by this...
I've got tcpdump logs of network data. Running these logs through gives me the
same thing: Header info and perhaps 10 bytes of the packet dump. Now what's
odd is when I'm recording the packets, I can see (snort -vd) that the entire
packet is there and can be decoded. The entire packet gets logged into MySQL
just fine. But when I try to pull the same packet out of the binary logs, I
don't think that I'm getting all of the payload.
Am I expecting the wrong thing? Do I need to be clued?