[Discussion] Problem with output of unified2 for banayard2

• Previous message (by thread): [Discussion] Suricata Inline Mode FreeBSD BRIDGING
• Next message (by thread): [Discussion] Problem with output of unified2 for banayard2
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all, recently I have a problem with the output of unified2 when
banyard2 read the unified2.alert.* files, the problem is that
barnyard2 can read the unified2.alert.* files of suricata log  but
cant identify what is the classification, the alert output is like
this in barnyard:

<bridge0> ET SCAN NMAP -sS window 4096  [**] [Classification ID:
(null)] [Priority ID: 3]

Classification ID: null   and priority of 3,

The output of alert and fast.log of suricata identify correctly the
classification,

I contact with developers of banyard2 and say me that maybe is a
problem with the log (unified2.alert.* files) generated by suricata

Thanks a lot

Miler

• Previous message (by thread): [Discussion] Suricata Inline Mode FreeBSD BRIDGING
• Next message (by thread): [Discussion] Problem with output of unified2 for banayard2
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]