[Snort-devel] Snort.org Blog: Snort 2.9.1 beta coming soon!

Joel Esler jesler at ...402...
Mon Jun 13 14:32:22 EDT 2011


On Jun 13, 2011, at 2:16 PM, beenph wrote:
> On Mon, Jun 13, 2011 at 12:45 PM, Joel Esler <jesler at ...402...> wrote:
>> On Jun 13, 2011, at 12:13 PM, Russ Combs wrote:
>>> 
>>> Does the HTTP, SMTP, etc. logging take place in its own thread, or
>>> does it block the detection thread?
>> 
>> No - logging is in the main thread
>> 
>> It is included in the unified2 output file, use the u2spewfoo tool included
>> with Snort to see this.
>> Barnyard2 developers (Snorby et al.), if they want to include this output
>> in their tools, will have to update to handle this new output.
>> Joel
> 
> Barnyard2 currently does not log any of those Unified2ExtraDataHdr.
> But it will be able to process files where Unified2ExtraDataHdr are present.
> 
> A consensus has to be reached between frontend developers to determine how they
> would like to have Unified2ExtraDataHdr data stored in their datastore.

How much interest would there be in the Barnyard2 folks maintaining the sql schema for what *I* refer to as the "Snort db schema".  Currently included in /contrib inside the Snort tarball?

Joel
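As an added example (not part of this thread, and not Snort's or Barnyard2's own code), a small Python reader for the Unified2ExtraDataHdr records discussed above, the kind of thing a frontend would need before deciding how to store this data. The field layout follows Snort's Unified2_common.h as I understand it; the EVENT_INFO name table, the event_type value 4 and the sample stream are assumptions.

```python
import struct
from typing import Iterator, NamedTuple

UNIFIED2_EXTRA_DATA = 110                # record type of an extra-data record
_REC_HDR = struct.Struct("!II")          # Serial_Unified2_Header: type, length
_XD_HDR = struct.Struct("!II")           # Unified2ExtraDataHdr: event_type, event_length
_XD_BODY = struct.Struct("!IIIIII")      # Unified2ExtraData: sensor_id, event_id,
                                         #   event_second, type, data_type, blob_length
# EventInfo values for the "type" field (assumed names, subset).
EVENT_INFO = {5: "SMTP_FILENAME", 6: "SMTP_MAILFROM", 7: "SMTP_RCPTTO",
              8: "SMTP_EMAIL_HDRS", 9: "HTTP_URI", 10: "HTTP_HOSTNAME"}

class ExtraData(NamedTuple):
    sensor_id: int
    event_id: int
    event_second: int
    info_type: str
    blob: bytes

def iter_extra_data(buf: bytes) -> Iterator[ExtraData]:
    """Walk a unified2 byte stream and yield only the extra-data records."""
    off = 0
    while off + _REC_HDR.size <= len(buf):
        rtype, rlen = _REC_HDR.unpack_from(buf, off)
        off += _REC_HDR.size
        if off + rlen > len(buf):
            raise ValueError(f"truncated unified2 record at offset {off}")
        rec, off = buf[off:off + rlen], off + rlen
        if rtype != UNIFIED2_EXTRA_DATA:
            continue                      # events, packets etc. are not handled here
        sid, eid, sec, itype, _dtype, blob_len = _XD_BODY.unpack_from(rec, _XD_HDR.size)
        start = _XD_HDR.size + _XD_BODY.size
        n = blob_len - 8                  # blob_length counts data_type and itself
        if n < 0 or start + n > len(rec):
            raise ValueError("extra-data blob length inconsistent with record length")
        yield ExtraData(sid, eid, sec, EVENT_INFO.get(itype, f"TYPE_{itype}"), rec[start:start + n])

def build_extra_data(sensor_id: int, event_id: int, event_second: int,
                     info_type: int, blob: bytes) -> bytes:
    """Encode one extra-data record (used here only to construct sample input)."""
    body = _XD_BODY.pack(sensor_id, event_id, event_second, info_type, 1, len(blob) + 8) + blob
    xd = _XD_HDR.pack(4, _XD_HDR.size + len(body)) + body   # 4 = EVENT_TYPE_EXTRA_DATA (assumed)
    return _REC_HDR.pack(UNIFIED2_EXTRA_DATA, len(xd)) + xd

# Constructed sample stream: a non-extra record (type 7, skipped), then two extra-data records.
SAMPLE = (_REC_HDR.pack(7, 4) + b"\0\0\0\0"
          + build_extra_data(1, 42, 1307990000, 9, b"/index.php?id=1")
          + build_extra_data(1, 42, 1307990000, 10, b"www.example.com"))

def parse_sample() -> list:
    return list(iter_extra_data(SAMPLE))
```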