[Snort-users] Fwd: Re: barnyard2-1.10 major problem

Lawrence R. Hughes, Sr. lhughes at ...14822...
Thu Oct 25 10:25:52 EDT 2012


Beenph,

Running the command line you suggested using that file, the results were one (1) event with the first packet from the unified2 file.
Barnyard2 did not insert the second packet of the same event into the snort.data table.

Thanks,
Larry

----- Original Message ----- 
From: "beenph" <beenph at ...11827...>
To: "Lawrence R. Hughes, Sr." <lhughes at ...14822...>
Cc: <barnyard2-users at ...14071...>; "snort-users" 
<snort-users at lists.sourceforge.net>
Sent: Thursday, October 25, 2012 10:07 AM
Subject: Re: [Snort-users] Fwd: Re: barnyard2-1.10 major problem


> On Thu, Oct 25, 2012 at 10:00 AM, Lawrence R. Hughes, Sr.
> <lhughes at ...14822...> wrote:
>> Beenph,
>>
>> barnyard2-1.10 command line:
>>    /smlog/barnyard2/bin/barnyard2 -eDUqc /smlog/barnyard2/etc/barnyard2.conf --alert-on-each-packet-in-stream --pid-path /smlog/ -l /smlog/logs/barnyard2 -d /smlog/logs -f snort.log -w /smlog/logs/snort.waldo &
>> snort.conf:
>>    output unified2: filename snort.log, limit 128
>>
>>
> Did you try your command line with the file you sent to the list?
> Did you get 2 events logged from that unified2 file?
>
>
> -elz
> 




