Carlos Alberto Llano Rodriguez
carlos_llano at ...125...
Thu Apr 28 16:12:27 EDT 2016
I need your help, please. I had an old issue with my Snort 184.108.40.206. In the past I worked with Snort 2.9.2, and we modified Snort to force it to log all the packets related to an event, even if they are already logged with another event.
We used ss->buffered = SL_BUF_DUMPED;
Now I'm working with 220.127.116.11 (one year approx.), and I need the same feature.
I've seen that the first packet is not related to the event; the event is related to an event later. The packet appears later with another event.
Please, my question is: in this version, how can I force Snort to log all the packets related to an event, even if they are already logged with another event?
Thank you very much for your attention and help!
Cali - Colombia