[Snort-users] Fwd: Re: barnyard2-1.10 major problem

Jack kingofnerds at ...11827...
Thu Oct 25 09:13:44 EDT 2012


---------- Forwarded message ----------
From: "Jack" <kingofnerds at ...11827...>
Date: Oct 25, 2012 9:11 AM
Subject: Re: [Snort-users] barnyard2-1.10 major problem
To: "beenph" <beenph at ...11827...>

Last time I enabled the alert on each packet, I just got more alerts. What
I think is being requested is to have all the packets in a single alert for
one event.

On Oct 24, 2012 12:38 PM, "beenph" <beenph at ...11827...> wrote:
>
> On Wed, Oct 24, 2012 at 12:03 PM, Lawrence R. Hughes, Sr.
> <lhughes at ...14822...> wrote:
> > Here is our response to Firnsy:
> >
> OK, but this was actually an e-mail I wrote, so maybe that's where the
> confusion comes from.
>
> > ----- Original Message ----- From: "Lawrence R. Hughes, Sr."
> > <lhughes at ...14822...>
> > To: "firnsy" <firnsy at ...14568...>
> > Cc: "safwat fahmy" <safwat.fahmy at ...14822...>
> > Sent: Monday, October 22, 2012 12:08 PM
> > Subject: Re: barnyard2-1.10 build 310
> >
> >
> >> Hi Firnsy,
> >>
> >> Not sure what you wanted me to do with u2_anon (packaged as a windows zip
> >> w/src code)
> >> Can't compile windows source code.
>
> For your information, u2_anon is written for *nix; the GitHub default
> download file is a zip.
> But you won't need it.
>
> >>
> >> We made the change you suggested (Increase CACHED_EVENTS_MAX)
> >>
> >> This did not help!!
> >>
> >> I am attaching the org. snort unified2 file and you will see one event
> >> with 2 packets,
> >> however by2 only inserted the first packet and this happened after we
> >> modified by2 as you suggested.
> >>
>
> Add --alert-on-each-packet-in-stream in your barnyard2 command line
> and it will work as expected.
>
> -elz