[Snort-devel] Snort.org Blog: Snort 2.9.1 beta coming soon!
beenph at ...2499...
Mon Jun 13 14:16:40 EDT 2011
> On Mon, Jun 13, 2011 at 12:45 PM, Joel Esler <jesler at ...402...> wrote:
> On Jun 13, 2011, at 12:13 PM, Russ Combs wrote:
>> Does the HTTP, SMTP, etc. logging take place in its own thread, or
>> does it block the detection thread?
> No - logging is in the main thread
> It is included in the unified2 output file, use the u2spewfoo tool included
> with Snort to see this.
> Barnyard2 developers (Snorby et al.), if they want to include this output
> in their tools, will have to update to handle this new output.
Barnyard2 currently does not log any of those Unified2ExtraDataHdr.
But it will be able to process files where Unified2ExtraDataHdr are present.
A consensus has to be reached between frontend developers to determine how they
would like to have Unified2ExtraDataHdr data stored in their datastore.