Snort mailing list archives
Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs
From: Joel Esler <jesler () sourcefire com>
Date: Sat, 8 Oct 2011 17:22:59 -0400
You should log to unified2, much more data is put out in that format than in pcap. -- Joel Esler On Oct 8, 2011, at 16:07, Steven Sturges <ssturges () sourcefire com> wrote:
I haven't played with unified2 that much. I typically just log to straight libpcap files and analyze them in WireShark
Attachment:
smime.p7s
Description:
------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard (Oct 07)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joel Esler (Oct 07)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard (Oct 07)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Jason Brvenik (Oct 12)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard (Oct 07)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Steven Sturges (Oct 08)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joel Esler (Oct 08)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard (Oct 12)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Jason Brvenik (Oct 12)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard (Oct 07)
- Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joel Esler (Oct 07)