[Snort-devel] snort-1.9.0b6 and barnyard discrepancies

Chris Green cmg at ...402...
Thu Aug 22 13:14:04 EDT 2002


Andreas Hasenack <andreas at ...836...> writes:

> I have a tcpdump file generated by snort 1.9.0b6 with a network
> trace that is different from what got inserted in the mysql
> database. Quite different.

If you have the TCPdump file, I'd appreciate seeing it ( and the
alert it set off ).

There's been a few people that have complained about this and I've not
seen anyone isolate it down to an output method or test case.   If SQL
is different from TCP dump output, that is as good a place as any to
start debugging.
-- 
Chris Green <cmg at ...402...>
A good pun is its own reword.




More information about the Snort-devel mailing list