Snort mailing list archives
Re: [barnyard2-users] Re: Offering a 64bit version of Snort for Windows?
From: "Michael Steele" <michaels () winsnort com>
Date: Wed, 31 Oct 2012 21:14:24 -0400
After the new install, first run, I noticed those events. After sending the note about odd events, I refreshed the database, removed the logs and restarted. Those were the events I posted, from the second new run.

Latest version of Snort, and 310 of barnyard2.

I'm not sure about u2spewfoo.

Michael...

-----Original Message-----
From: barnyard2-users () googlegroups com [mailto:barnyard2-users () googlegroups com] On Behalf Of beenph
Sent: Wednesday, October 31, 2012 9:02 PM
To: Michael Steele
Cc: snort-devel; barnyard2-users () googlegroups com
Subject: [barnyard2-users] Re: [Snort-devel] Offering a 64bit version of Snort for Windows?

On Wed, Oct 31, 2012 at 8:29 PM, Michael Steele <michaels () winsnort com> wrote:
> In my snort.conf:
> output unified2: filename merged.log, limit 128
>
> This is the first time I've seen these entries.

There could be many reasons why this could happen.

Are you able to reproduce it with an empty log directory and restarting snort? Or did someone send you a unified2 file? What version of snort was used to produce that unified2 file?

But the essence of the message is that barnyard2 read a unified2 packet event and it was sent to the output plugin, but since there is no cached event or previously read event that matches, processing will not go further, since we need a unified2 event (read previously or cached) and a packet to log to the database.

You also might want to observe the unified2 file structure by using u2spewfoo.

-elz
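Added example, not part of the thread and not barnyard2's or u2spewfoo's code: a small Python walk over a unified2 file that lists packet records with no earlier event record, the condition beenph describes. It assumes a "match" means equal sensor_id, event_id and event_second, and it only sees events in the same file (barnyard2's cache is not modelled); the sample bytes are constructed.

```python
import struct

U2_PACKET = 2                       # Unified2 packet record
U2_EVENTS = {7, 72, 104, 105}       # IDS event: IPv4, IPv6, and VLAN variants

def iter_records(buf):
    """Yield (type, body); each record starts with two big-endian uint32s."""
    off = 0
    while off < len(buf):
        if off + 8 > len(buf):
            raise ValueError(f"truncated header at offset {off}")
        rtype, rlen = struct.unpack_from(">II", buf, off)
        body = buf[off + 8:off + 8 + rlen]
        if len(body) != rlen:
            raise ValueError(f"truncated record at offset {off}")
        yield rtype, body
        off += 8 + rlen

def orphan_packets(buf):
    """Return (sensor_id, event_id, event_second) of packets with no prior event."""
    seen, orphans = set(), []
    for rtype, body in iter_records(buf):
        if rtype != U2_PACKET and rtype not in U2_EVENTS:
            continue                # extra data and other record types
        if len(body) < 12:
            raise ValueError("record too short for its ID fields")
        key = struct.unpack_from(">III", body)   # sensor_id, event_id, event_second
        if rtype in U2_EVENTS:
            seen.add(key)
        elif key not in seen:       # assumed matching rule, see lead-in
            orphans.append(key)
    return orphans

def _rec(rtype, sensor, event_id, second, rest=b""):
    """Build one constructed record (hypothetical helper for the sample)."""
    body = struct.pack(">III", sensor, event_id, second) + rest
    return struct.pack(">II", rtype, len(body)) + body

# Constructed sample: a packet for event 41 with no event record, then a
# complete event/packet pair for event 42.
TS = 1351731600
SAMPLE = (_rec(U2_PACKET, 0, 41, TS, b"\x00" * 16 + b"pkt")
          + _rec(7, 0, 42, TS, b"\x00" * 40)
          + _rec(U2_PACKET, 0, 42, TS, b"\x00" * 16 + b"pkt"))

if __name__ == "__main__":
    for sensor, event_id, second in orphan_packets(SAMPLE):
        print(f"packet without event: sensor={sensor} event_id={event_id} second={second}")
```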