[Snort-users] Fwd: Re: barnyard2-1.10 major problem
beenph at ...11827...
Thu Oct 25 12:02:53 EDT 2012
On Thu, Oct 25, 2012 at 11:57 AM, Lawrence R. Hughes, Sr.
<lhughes at ...14822...> wrote:
> So what I see and correct me if I am wrong, you take a single event from
> snort that has 2 packets and create 2 separate events in the database.
> So if I had a single event from snort that has 6 packets that are all listed
> with the same event_id barnyard would create 6 events in snort.event
> database correct?
> If this is the case, please explain why you would break the packets from a
> single event into several events.
We do not break anything up; it is logged to the database as it is present
in the unified2 file:
PACKET1 EVENT X
PACKET2 EVENT X
PACKETN EVENT X
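
To check how many packet records share one event_id in a unified2 file, the records can be walked and grouped directly. The following is an added example, not part of the original post and not barnyard2 code; it assumes the Snort 2.9 unified2 layout (8-byte big-endian type/length header, packet record type 2, IPv4 event record type 7), and the helper names and sample bytes are constructed for illustration.

```python
import struct
from collections import defaultdict

# Assumed layout (Snort 2.9 unified2, not spelled out in the thread):
# every record = big-endian uint32 type, uint32 length, then `length` body bytes.
U2_PACKET = 2      # packet record
U2_IDS_EVENT = 7   # IPv4 event record (52-byte body)
# Packet body header: sensor_id, event_id, event_second, packet_second,
# packet_microsecond, linktype, packet_length
PACKET_HDR = struct.Struct(">7I")

def packets_per_event(buf):
    """Return {event_id: [packet bytes, ...]} for the packet records in buf."""
    grouped = defaultdict(list)
    off = 0
    while off + 8 <= len(buf):
        rtype, rlen = struct.unpack_from(">II", buf, off)
        body = buf[off + 8 : off + 8 + rlen]
        if len(body) < rlen:
            raise ValueError(f"truncated record at offset {off}")
        if rtype == U2_PACKET:
            if rlen < PACKET_HDR.size:
                raise ValueError(f"short packet record at offset {off}")
            fields = PACKET_HDR.unpack_from(body)
            event_id, pkt_len = fields[1], fields[6]
            start = PACKET_HDR.size
            grouped[event_id].append(body[start : start + pkt_len])
        off += 8 + rlen  # other record types are skipped
    return dict(grouped)

# --- constructed sample data (hypothetical helpers, not real sensor output) ---
def _record(rtype, body):
    return struct.pack(">II", rtype, len(body)) + body

def _packet(event_id, data):
    hdr = PACKET_HDR.pack(1, event_id, 1351180973, 1351180973, 0, 1, len(data))
    return _record(U2_PACKET, hdr + data)

def _event(event_id):
    # sensor_id, event_id, event_second, event_microsecond, rest zero-filled
    return _record(U2_IDS_EVENT, struct.pack(">4I", 1, event_id, 1351180973, 0) + bytes(36))

# Event 10 is followed by three packet records, event 11 by one.
SAMPLE = (_event(10) + _packet(10, b"pkt-a") + _packet(10, b"pkt-b")
          + _packet(10, b"pkt-c") + _event(11) + _packet(11, b"pkt-d"))

if __name__ == "__main__":
    for eid, pkts in packets_per_event(SAMPLE).items():
        print(f"event_id={eid}: {len(pkts)} packet record(s)")
```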