[Oisf-users] Some type of problem with unified2 output in suricata 1.1
carlopmart
carlopmart at gmail.com
Sat Nov 12 21:42:06 UTC 2011
Hi all,
I have updated my suricata sensor to version 1.1. It is configured to
send output to barnyard2 and to a plain text file. It also has two sguil
agents configured: pcap_agent and snort_agent only. Sometimes, on the sguil
console, I can see full packet captures and sometimes not. Sometimes they are
the same events and sometimes not.
My first attempt was to use pcap-log option on suricata's config file,
but actually I am doing packet capture with daemonlogger. I've got
another five host sensors with snort and sguil agents (two Ubuntu LTS
10.04.1 hosts and three OpenBSD 5.0 hosts) configured and no problems
appear.
How can I debug this problem? Could it be a problem with suricata or
with barnyard2?
Host components:
1/ OS: Ubuntu LTS 10.04.3 fully updated
2/ Suricata 1.1
3/ Sguil Agents 0.8.0
4/ Daemonlogger 1.2.1
5/ Barnyard2 2.1.9 (Build 263)
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
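One way to narrow the question down (suricata side or barnyard2 side) is to look at what actually lands in the unified2 spool that barnyard2 reads: every alert should be an event record followed by a packet record carrying the same sensor_id/event_id, and events with no packet record cannot produce a packet in sguil no matter what barnyard2 does. The checker below is an added example, not code from the original post or from Suricata; the record type codes are taken from the unified2 format, and the spool bytes it scans are constructed inline.

```python
import struct

# unified2 record type codes (from the unified2 format, not from the post)
U2_PACKET = 2
U2_IDS_EVENT = 7          # IPv4 event record
U2_IDS_EVENT_IPV6 = 72    # IPv6 event record
EVENT_TYPES = {U2_IDS_EVENT, U2_IDS_EVENT_IPV6}

def iter_records(data):
    """Yield (record_type, body) for every record in a unified2 byte stream."""
    off = 0
    while off + 8 <= len(data):
        rtype, length = struct.unpack_from(">II", data, off)  # big-endian header
        off += 8
        if off + length > len(data):
            raise ValueError("truncated record at offset %d" % (off - 8))
        yield rtype, data[off:off + length]
        off += length

def events_without_packets(data):
    """Return (event_count, [(sensor_id, event_id), ...]) for events that
    have no UNIFIED2_PACKET record carrying the same sensor_id/event_id."""
    seen, with_packet = [], set()
    for rtype, body in iter_records(data):
        if len(body) < 8:
            continue  # malformed record; both kinds we care about start with two ids
        key = struct.unpack_from(">II", body)  # (sensor_id, event_id)
        if rtype in EVENT_TYPES:
            seen.append(key)
        elif rtype == U2_PACKET:
            with_packet.add(key)
    return len(seen), [k for k in seen if k not in with_packet]

def build_record(rtype, body):
    return struct.pack(">II", rtype, len(body)) + body

def make_event(sensor_id, event_id):
    # Constructed 52-byte IPv4 event; only the two leading ids matter here.
    return build_record(U2_IDS_EVENT, struct.pack(">II", sensor_id, event_id) + b"\0" * 44)

def make_packet(sensor_id, event_id, payload):
    # sensor_id, event_id, event_second, packet_second, packet_usec, linktype (1 = Ethernet), length
    hdr = struct.pack(">7I", sensor_id, event_id, 0, 0, 0, 1, len(payload))
    return build_record(U2_PACKET, hdr + payload)

# Constructed spool: event 2 has no packet record, events 1 and 3 do.
SAMPLE = (make_event(1, 1) + make_packet(1, 1, b"\x45" * 20) + make_event(1, 2)
          + make_event(1, 3) + make_packet(1, 3, b"\x45" * 20))

if __name__ == "__main__":
    print(events_without_packets(SAMPLE))
```

To run it against a real spool, replace SAMPLE with the bytes of one of the unified2 files barnyard2 is reading; if events there already lack packet records, the gap is on the suricata side before barnyard2 is involved.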