[Oisf-users] Odd Suricata and Barnyard2 problem

Eric Leblond eric at regit.org
Thu Nov 24 16:57:02 UTC 2011


Hello,

On Thursday 24 November 2011 at 16:51 +0000, Peter Bates wrote:
> Hello again all
> 
> On 24/11/2011 15:40, Eric Leblond wrote:
> > I've been able to reproduce your problem and I've also fixed some
> > other issues (not related to the one you had but with same effect
> > of creating multiple pcap).
> > 
> > Can you try the incremental patch that will follow this mail?
> 
> I've tried the patch and am still seeing the same behaviour:
> 
> -rw-r--r--. 1 root     156749 Nov 24 16:49 stats.log
> -rw-r--r--. 1 suricata  26312 Nov 24 16:49 unified2.alert.1322152989
> -rw-------. 1 root        435 Nov 24 16:43 tcpdump.log.1322153006
> -rw-r--r--. 1 suricata      0 Nov 24 16:43 drop.log
> 
> - the unified2 log updates okay, but Barnyard2 does not update or
> appear happy with the input.

That's strange. I've tested this on an awful pcap and it was working
fine.

Stupid question, are you sure you have run with the updated suricata?

As this will be the case, could you send me privately your
unified2.alert file.

BR,
--
Eric