[Snort-users] Tagging

Matheus Condi'ez conma293 at ...11827...
Wed May 21 00:07:21 EDT 2014


Hey guys,

Im beginning to muddle around with tagging, can seemingly get the rules to
fire off quite easily and tag 'full' packets for x amount of time, bytes
etc ...

But then this gets lumped into the U2 files and processed by Barnyard2 -->
what im wondering is how the packets in addition to the alerting packet get
processed by BY2 output so that it would come up as the whole payload in a
snorby or tripwire interface...

any takers?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140521/d530bafd/attachment.html>


More information about the Snort-users mailing list