Snort mailing list archives

Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user


From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 07 May 2013 12:49:07 -0400

On 5/7/2013 09:34, Lars wrote:
While it appears we have snort doing unified logging now as long as we use the
-k in the snort startup command I am not sure what the reason is for that or if
we may still have something wrong in one of these files we could do better with?

from the (2.9.4) manual (pdf)

[quote]
_1.5_Packet_Acquisition_
Snort 2.9 introduces the DAQ, or Data Acquisition library, for packet I/O. The 
DAQ replaces direct calls to PCAP functions with an abstraction layer that 
facilitates operation on a variety of hardware and software interfaces without 
requiring changes to Snort. It is possible to select the DAQ type and mode when 
invoking Snort to perform PCAP readback or inline operation, etc.

*! NOTE*
Some network cards have features named "Large Receive Offload" (lro) and 
"Generic Receive Offload" (gro). With these features enabled, the network card 
performs packet reassembly before they're processed by the kernel.
By default, Snort will truncate packets larger than the default snaplen of 1518 
bytes. In addition, LRO and GRO may cause issues with Stream5 target-based 
reassembly. We recommend that you turn off LRO and GRO. On linux systems, you 
can run:
$ ethtool -K eth1 gro off
$ ethtool -K eth1 lro off
[/quote]

i found the above by searching the manual for '-k' (without the single quote 
marks) and these two instances are the only ones that turned up... granted, this 
is for an older version of snort (2.9.4.0) but their use is still the same... 
searching for 'offload' also results in the same being found... we generally see 
'-k' mentioned when snort is not outputting anything and there is traffic known 
to be flowing... telling snort to compensate for the offload then enables it to 
perform its tasks...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
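The manual excerpt above tells you to turn gro and lro off with ethtool, but on a sensor you usually want to see first which offloads are actually enabled and which ones the driver will not let you change. The script below is an added example, not code from the Snort manual or from this thread. It parses the output of `ethtool -k <iface>` (the feature names `generic-receive-offload` and `large-receive-offload` and the `on`/`off [fixed]` states are the real ethtool format) and prints the `ethtool -K` commands the manual recommends for whatever is still on. The `SAMPLE_ETHTOOL_K` text is constructed so the script runs offline; `eth1` is just the interface name used in the manual.

```shell
#!/bin/sh
# Added example (not from the Snort manual): inspect `ethtool -k` output and
# emit the commands needed to disable the receive offloads Snort's manual
# recommends turning off (gro, lro). Nothing is executed against the NIC here.

# Constructed sample of `ethtool -k eth1` output for offline use.
# lro is "off [fixed]": the driver does not allow changing it.
SAMPLE_ETHTOOL_K='Features for eth1:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on'

# offloads_to_disable FEATURES_TEXT
# Prints "gro" and/or "lro" for each receive offload that is on and changeable.
# Features that are on but marked "[fixed]" cannot be switched off with
# ethtool, so they are reported on stderr instead of being emitted.
offloads_to_disable() {
    printf '%s\n' "$1" | awk '
        /^(generic-receive-offload|large-receive-offload):/ {
            name = $1; sub(/:$/, "", name)
            short = (name == "generic-receive-offload") ? "gro" : "lro"
            if ($2 == "on" && $0 !~ /\[fixed\]/)
                print short
            else if ($2 == "on")
                print short " is on but [fixed]; cannot be disabled with ethtool" > "/dev/stderr"
        }'
}

# disable_commands IFACE FEATURES_TEXT
# Turns the list from offloads_to_disable into the ethtool -K commands from
# the manual, one per line, for the given interface.
disable_commands() {
    iface=$1
    offloads_to_disable "$2" | while read -r feat; do
        printf 'ethtool -K %s %s off\n' "$iface" "$feat"
    done
}

# Offline run against the constructed sample. On a live sensor, replace the
# sample with the real output:
#   disable_commands eth1 "$(ethtool -k eth1)" | sh
disable_commands eth1 "$SAMPLE_ETHTOOL_K"
```

Run it once before starting Snort and once after: if an offload comes back `on` after a reboot or a driver reload, a network-manager hook or udev rule is re-enabling it and the sensor will again see reassembled packets larger than the default snaplen.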

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
