[Snort-users] New IDS best practise

beenph beenph at ...11827...
Thu Nov 17 22:46:53 EST 2011


On Thu, Nov 17, 2011 at 10:05 PM, Martin Holste <mcholste at ...11827...> wrote:
>> There is a patch submited by Brett Edgar that should work with extra data
>> http://groups.google.com/group/barnyard2-devel/browse_thread/thread/2163cddabf481620
>
> Will the current barnyard2 implementation log extra data to syslog?
>

unified2 extra data event are read, but clean support has not been
decided yet, thus its possible
to patch it and make it work no issue, its just not decided on how
everything will get displayed.

If people have suggestion on extra data representation they can use
our ml's to let us know.

-elz




More information about the Snort-users mailing list