[Oisf-users] Odd Suricata and Barnyard2 problem

Martin Holste mcholste at gmail.com
Wed Nov 23 15:43:42 UTC 2011


I'd use u2spewfoo to have a quick look at the contents and check for corruption.

On Wed, Nov 23, 2011 at 9:38 AM, Peter Bates <peter.bates at ucl.ac.uk> wrote:
> Hello again all
>
> On 23/11/2011 14:35, Peter Bates wrote:
>> Has anyone seen this behaviour before and can suggest a fix?
>
> Apologies for replying to my own post.
>
> Cross-checking on the same box - Snort 2.9.1.2 does not exhibit this
> behaviour.
>
> Does Suricata possibly write an inconsistent unified2 log under load?
>
> I'm struggling to see why the two applications both produce unified2
> files - but barnyard2 generates one tcpdump file for Snort and a
> constantly growing number from Suricata.
>
> --
> Peter Bates
> Senior Computer Security Officer    Phone: +44(0)2076792049
> Information Services Division       Internal Ext: 32049
> University College London
> London WC1E 6BT
>
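
A scripted version of the corruption check suggested in the reply above, as an added example that is not part of the original thread and is not code from u2spewfoo, Suricata or Barnyard2. It walks the 8-byte unified2 record headers (type and length, network byte order) and reports where the chain breaks; the record-type subset, the `MAX_RECORD` bound and the function names are assumptions of this example.

```python
import struct
import sys

# Record types from Snort's unified2.h (subset; an assumption of this example).
KNOWN_TYPES = {2: "PACKET", 7: "IDS_EVENT", 72: "IDS_EVENT_IPV6",
               104: "IDS_EVENT_VLAN", 105: "IDS_EVENT_IPV6_VLAN", 110: "EXTRA_DATA"}
HEADER = struct.Struct(">II")   # type, length: both 32-bit, network byte order
MAX_RECORD = 1 << 20            # sanity bound on one record body (assumed value)


def check_unified2(data):
    """Walk record headers; return (per-type counts, list of (offset, problem))."""
    counts, problems, offset = {}, [], 0
    while offset < len(data):
        if len(data) - offset < HEADER.size:
            problems.append((offset, "truncated header"))
            break
        rtype, length = HEADER.unpack_from(data, offset)
        if rtype not in KNOWN_TYPES:
            # Once a length is wrong the walk lands mid-record, so stop here.
            problems.append((offset, "unknown record type %d" % rtype))
            break
        if length > MAX_RECORD:
            problems.append((offset, "implausible length %d" % length))
            break
        body_end = offset + HEADER.size + length
        if body_end > len(data):
            have = len(data) - offset - HEADER.size
            problems.append((offset, "record body truncated (%d of %d bytes)"
                             % (have, length)))
            break
        counts[KNOWN_TYPES[rtype]] = counts.get(KNOWN_TYPES[rtype], 0) + 1
        offset = body_end
    return counts, problems


def make_record(rtype, body):
    """Build one constructed record (header + filler body) for the demo."""
    return HEADER.pack(rtype, len(body)) + body


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        # Constructed sample: one event, one packet, then a record cut short.
        data = (make_record(7, bytes(52)) + make_record(2, bytes(40))
                + make_record(7, bytes(52))[:-10])
    print(check_unified2(data))
```

A truncated final record is expected when the file is still being written, so a problem reported at the very end of a live log is not by itself evidence of corruption; one reported mid-file is.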


