Snort mailing list archives
Re: Unified2 extra data
From: beenph <beenph () gmail com>
Date: Thu, 3 Jan 2013 09:33:05 -0500
On Thu, Jan 3, 2013 at 8:58 AM, Peter Bates <peter.bates () ucl ac uk> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
<SNIP>
Is this extra information then understood by the likes of Barnyard2 and added to a database, or only viewable with u2spewfoo?
</SNIP> EXTRA DATA record are read but not logged by barnyard2 2-1.x There was a patch against 2-1.9 to log to a modified db extra data but it has not been ported to 2-1.1x. You can allways use u2spewfoo for now. -elz
Thanks. - --
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnmore_122712
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Unified2 extra data Peter Bates (Jan 03)
- Re: Unified2 extra data beenph (Jan 03)