[Oisf-users] Packet capture dump in unified2 logs.

[Peter Manev]

Just from observation -
"PACKET LEN:        68" in debug alert
but in Snorby it says "40" - so it does seem there is a bit of discrepancy
....
If you use pcap.log(ing) in yaml , does this packet indeed have 68 or 40
length ?

-- 
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120215/f70ac047/attachment-0002.html>