[Snort-users] barnyard2-1.10 major problem

Lawrence R. Hughes, Sr. lhughes at ...14822...
Wed Oct 24 10:12:25 EDT 2012


We have discovered that barnyard2-1.10 (all builds) has a major problem where it will only pass one (1) packet per alert to the database and discards any further packets reported by snort!

We have been in touch with the author of barnyard2 and they cannot offer any solutions and are working on a complete re-write of spooler.c for release 2.2 of barnyard2.

Has anyone patched spooler.c to get around this problem?

The problem does not appear to be a new one, as we saw the same results in barnyard2-1.8.
We have verified snort's unified2 output log, which does indeed have additional packets carrying the same event_id...

Any help would be great in getting a work-around patch for spooler.c.
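One way to reproduce the unified2 check described in the message above, as an added example that is not part of the original post and is not barnyard2 or Snort code: it walks the records of a unified2 log and counts packet records per event_id, so the result can be compared with what reached the database. It assumes the standard unified2 layout (big-endian type/length header, packet record type 2); the function names and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

UNIFIED2_PACKET = 2                 # record type of a unified2 packet record
HEADER = struct.Struct(">II")       # record type, record length (big-endian)
# sensor_id, event_id, event_second, packet_second,
# packet_microsecond, linktype, packet_length
PACKET_HEAD = struct.Struct(">7I")


def packets_per_event(data):
    """Count packet records per (sensor_id, event_id) in unified2 bytes."""
    counts = Counter()
    offset = 0
    while offset + HEADER.size <= len(data):
        rtype, rlen = HEADER.unpack_from(data, offset)
        body = offset + HEADER.size
        if body + rlen > len(data):
            break  # truncated final record (snort may still be writing it)
        if rtype == UNIFIED2_PACKET and rlen >= PACKET_HEAD.size:
            sensor_id, event_id = struct.unpack_from(">II", data, body)
            counts[(sensor_id, event_id)] += 1
        offset = body + rlen
    return counts


def multi_packet_events(data):
    """Events logged with more than one packet record."""
    return {k: n for k, n in packets_per_event(data).items() if n > 1}


def _record(rtype, payload):
    return HEADER.pack(rtype, len(payload)) + payload


def _packet(event_id, raw):
    head = PACKET_HEAD.pack(1, event_id, 1351087945, 1351087945, 0, 1, len(raw))
    return _record(UNIFIED2_PACKET, head + raw)


# Constructed sample: a zero-filled event record (type 7) that must be skipped,
# three packets for event 1 and one packet for event 2.
SAMPLE = (_record(7, b"\x00" * 52) + _packet(1, b"aaaa") + _packet(1, b"bbbb")
          + _packet(2, b"cccc") + _packet(1, b"dd"))

if __name__ == "__main__":
    for (sensor, event), n in sorted(packets_per_event(SAMPLE).items()):
        print(f"sensor={sensor} event_id={event} packets={n}")
```

To run it against a real log, pass the file's contents read in binary mode to `multi_packet_events` and compare the counts with the packet rows stored for the same events.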
