[Snort-devel] Unified vs. Unified2 output?

Steven Sturges steve.sturges at ...402...
Tue Jan 22 13:30:07 EST 2008


unified2 has a more extensible format and allows for other data
beyond just events and packets.  The record data is independent
of the type.  In the future, performance stats, extended portscan
information will be logged via unified2.

For example, unified2 supports logging of IPv6 addresses in an event
record, whereas events under unified output did not because of the
fixed data structure for the event output type.

Cheers
-steve

c0uchw4rrior wrote:
> Hey folks,
> 
> What is the difference between the Unified output format and the new
> Unified2 output format?
> 
> Thanks,
> c0uch
> 

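Added example, not part of the original thread and not Snort's own code: a minimal reader that walks unified2 type/length records, decodes IPv4 and IPv6 event records, and skips any record type it does not know, which is the property that lets new record kinds be added later. The 8-byte big-endian record header, the event type numbers 7 and 72 and the event field layout are assumptions taken from Snort's unified2 definitions; the sample bytes and record type 9999 are constructed.

```python
import ipaddress
import struct

# Assumed from Snort's unified2 definitions (not stated in the thread).
HEADER = struct.Struct(">II")        # record type, payload length
EVENT_V4, EVENT_V6 = 7, 72           # IDS event, IDS event with IPv6 addresses
COMMON = struct.Struct(">9I")        # sensor, event id, sec, usec, sid, gid, rev, class, prio
TAIL = struct.Struct(">HHBBBB")      # sport/itype, dport/icode, proto, 3 status bytes
ADDR_LEN = {EVENT_V4: 4, EVENT_V6: 16}

def parse_unified2(buf):
    """Walk type/length records; decode event records, skip every other type."""
    events, skipped, off = [], [], 0
    while off < len(buf):
        if len(buf) - off < HEADER.size:
            raise ValueError("truncated record header at offset %d" % off)
        rtype, length = HEADER.unpack_from(buf, off)
        body = buf[off + HEADER.size: off + HEADER.size + length]
        if len(body) != length:
            raise ValueError("truncated record body at offset %d" % off)
        off += HEADER.size + length  # the length field alone moves us forward
        alen = ADDR_LEN.get(rtype)
        if alen is None:             # unknown type: step over it, keep reading
            skipped.append(rtype)
            continue
        if length < COMMON.size + 2 * alen + TAIL.size:
            raise ValueError("event record of type %d is too short" % rtype)
        f = COMMON.unpack_from(body, 0)
        a = COMMON.size              # addresses start after the common fields
        src = ipaddress.ip_address(body[a:a + alen])
        dst = ipaddress.ip_address(body[a + alen:a + 2 * alen])
        sport, dport, proto = TAIL.unpack_from(body, a + 2 * alen)[:3]
        events.append({"gid": f[5], "sid": f[4], "rev": f[6], "proto": proto,
                       "src": str(src), "dst": str(dst),
                       "sport": sport, "dport": dport})
    return events, skipped

def _record(rtype, body):
    return HEADER.pack(rtype, len(body)) + body

def _event(rtype, src, dst):
    common = COMMON.pack(1, 1, 1200000000, 0, 1000001, 1, 1, 0, 3)
    addrs = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return _record(rtype, common + addrs + TAIL.pack(40000, 80, 6, 0, 0, 0))

# Constructed sample: IPv4 event, a made-up record type, IPv6 event.
SAMPLE = (_event(EVENT_V4, "192.0.2.10", "198.51.100.5")
          + _record(9999, b"\x00" * 12)
          + _event(EVENT_V6, "2001:db8::1", "2001:db8::2"))
if __name__ == "__main__":
    print(parse_unified2(SAMPLE))
```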


