[Snort-devel] Snort.org Blog: Snort 2.9.1 beta coming soon!

beenph beenph at ...2499...
Mon Jun 13 14:16:40 EDT 2011


> On Mon, Jun 13, 2011 at 12:45 PM, Joel Esler <jesler at ...402...> wrote:
> On Jun 13, 2011, at 12:13 PM, Russ Combs wrote:
>>
>> Does the HTTP, SMTP, etc. logging take place in its own thread, or
>> does it block the detection thread?
>
> No - logging is in the main thread
>
> It is included in the unified2 output file, use the u2spewfoo tool included
> with Snort to see this.
> Barnyard2 developers (Snorby et al.), if they want to include this output
> in their tools, will have to update to handle this new output.
> Joel

Barnyard2 currently does not log any of those Unified2ExtraDataHdr.
But it will be able to process files where Unified2ExtraDataHdr are present.

A consensus has to be made between frontend developers to determine how they
would like to have Unified2ExtraDataHdr data stored in their datastore.

-elz
