[Snort-users] barnyard2-1.10 major problem
beenph at ...11827...
Wed Oct 24 12:34:06 EDT 2012
On Wed, Oct 24, 2012 at 12:03 PM, Lawrence R. Hughes, Sr.
<lhughes at ...14822...> wrote:
> Here is our reponse to Firnsy:
Ok but this was actually an e-mail i wrote, so mabey thats where the
confusion comes from.
> ----- Original Message ----- From: "Lawrence R. Hughes, Sr."
> <lhughes at ...14822...>
> To: "firnsy" <firnsy at ...14568...>
> Cc: "safwat fahmy" <safwat.fahmy at ...14822...>
> Sent: Monday, October 22, 2012 12:08 PM
> Subject: Re: barnyard2-1.10 build 310
>> Hi Firnsy,
>> Not sure what you wanted me to do with u2_anon (packaged as a windows zip
>> w/src code)
>> Can't compile windows srource code.
For your information u2_anon is written for *nix, github default
download file is zip.
But you wont need it.
>> We made the change you suggested (Increase CACHED_EVENTS_MAX )
>> This did not help!!
>> I am attaching the org. snort unified2 file and you will see one event
>> 2 packets,
>> however by2 only inserted the first packet and this happened after we
>> modified by2 as you suggested.
add --alert-on-each-packet-in-stream in your barnyard2 command line
and it will work as expected.
More information about the Snort-users