[Oisf-users] Some type of problem with unified2 output in suricata 1.1
Victor Julien
victor at inliniac.net
Tue Nov 15 08:52:08 UTC 2011
On 11/12/2011 10:42 PM, carlopmart wrote:
> Hi all,
>
> I have updated my suricata sensor to version 1.1. It is configured to
> send output to barnyard2 and to a plain text file. It also has two sguil
> agents configured: pcap_agent and snort_agent only. Sometimes, on the sguil
> console, I can see full packet captures and sometimes not. Sometimes they
> are the same events and sometimes not.
>
> My first attempt was to use the pcap-log option in suricata's config file,
> but actually I am doing packet capture with daemonlogger. I've got
> another five host sensors with snort and sguil agents (two Ubuntu LTS
> 10.04.1 hosts and three OpenBSD 5.0 hosts) configured and no problems
> appear.
>
> How can I debug this problem? Could it be a problem with suricata or
> with barnyard2?
>
> Host components:
>
> 1/ OS: Ubuntu LTS 10.04.3 fully updated
> 2/ Suricata 1.1
> 3/ Sguil Agents 0.8.0
> 4/ Daemonlogger 1.2.1
> 5/ Barnyard2 2.1.9 (Build 263)
I don't remember the exact issue, but I do know I updated to barnyard2
2.1.10 beta to solve something. Maybe you can try that as well.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------