[Snort-users] barnyard2-1.10 major problem

beenph beenph at ...11827...
Wed Oct 24 12:34:06 EDT 2012


On Wed, Oct 24, 2012 at 12:03 PM, Lawrence R. Hughes, Sr.
<lhughes at ...14822...> wrote:
> Here is our reponse to Firnsy:
>
Ok but this was actually an e-mail i wrote, so mabey thats where the
confusion comes from.

> ----- Original Message ----- From: "Lawrence R. Hughes, Sr."
> <lhughes at ...14822...>
> To: "firnsy" <firnsy at ...14568...>
> Cc: "safwat fahmy" <safwat.fahmy at ...14822...>
> Sent: Monday, October 22, 2012 12:08 PM
> Subject: Re: barnyard2-1.10 build 310
>
>
>> Hi Firnsy,
>>
>> Not sure what you wanted me to do with u2_anon (packaged as a windows zip
>> w/src code)
>> Can't compile windows srource code.

For your information u2_anon is written for *nix, github default
download file is zip.
But you wont need it.

>>
>> We made the change you suggested (Increase CACHED_EVENTS_MAX )
>>
>> This did not help!!
>>
>> I am attaching the org. snort unified2 file and you will see one event
>> with
>> 2 packets,
>> however by2 only inserted the first packet and this happened after we
>> modified by2 as you suggested.
>>

add  --alert-on-each-packet-in-stream in your barnyard2 command line
and it will work as expected.

-elz




More information about the Snort-users mailing list