[Snort-users] Unified2 extra data

beenph beenph at ...11827...
Thu Jan 3 09:33:05 EST 2013


On Thu, Jan 3, 2013 at 8:58 AM, Peter Bates <peter.bates at ...15381...> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
<SNIP>
>
> Is this extra information then understood by the likes of Barnyard2
> and added to a database, or only viewable with u2spewfoo?
</SNIP>

EXTRA DATA records are read but not logged by barnyard2 2-1.x

There was a patch against 2-1.9 to log extra data to a modified db, but it
has not been ported to 2-1.1x.

You can always use u2spewfoo for now.


-elz

>
> Thanks.
>
> - --