[Snort-users] Help

Carlos Alberto Llano Rodriguez carlos_llano at ...125...
Thu Apr 28 16:12:27 EDT 2016


Hi everyone!


I need your help please. I have an old issue with my Snort 2.9.7.0. In the past I worked with Snort 2.9.2, and we modified Snort to force it to log all the packets related to an event, even if they are already logged with another event.


In src/preprocessors/Stream5/snort_stream5_tcp.c we used:

    ss->buffered = SL_BUF_DUMPED;


Now I'm working with 2.9.7.0 (one year approx.), and I need the same feature.


I've seen that the first packet is not related to the event; the event is related with an event later. The packet appears later with another event.


Please, my question is: in this version, how can I force Snort to log all the packets related to an event, even if they are already logged with another event?


Thank you very much for your attention and help!


Carlos Llano

Cali - Colombia