Snort mailing list archives
Help
From: Carlos Alberto Llano Rodriguez <carlos_llano () hotmail com>
Date: Thu, 28 Apr 2016 20:12:27 +0000
Hi everyone!

I need your help, please. I had an old issue with my Snort 2.9.7.0. In the past I worked with Snort 2.9.2, and we modified Snort to force it to log all the packets related to an event, even if they are already logged with another event. In src/preprocessors/Stream5/snort_stream5_tcp.c we used ss->buffered = SL_BUF_DUMPED;

Now I'm working with 2.9.7.0 (one year approx.), and I need the same feature. I've seen that the first packet is not related with the event; the event is related with an event later. The packet appears later with another event.

Please, my question is: in this version, how can I force Snort to log all the packets related to an event, even if they are already logged with another event?

Thank you very much for your attention and help!

Carlos Llano
Cali - Colombia