[Oisf-users] unified2.alert

Leonard Jacobs ljacobs at netsecuris.com
Fri Jul 5 16:31:17 UTC 2013


The file unified2.alert is not generated by Barnyard2.  It is generated by Suricata.  Barnyard2 uses unified2.alert as its source for inputting logs to the database.

wDrop means that the signature dropped the packet.  You see the same thing in fast.log.

fast.log and unified2.alert should have the same information in them.

-----Original Message-----
From: oisf-users-bounces at openinfosecfoundation.org [mailto:oisf-users-bounces at openinfosecfoundation.org] On Behalf Of mouna amani
Sent: Friday, July 05, 2013 11:31 AM
To: oisf-users at openinfosecfoundation.org; oisf-users-bounces at openinfosecfoundation.org
Subject: [Oisf-users] unified2.alert

I did not configure barnyard to work with suricata.
But when I enabled unified2.alert
I got some lines with [wDrop].
What does wDrop mean, and if I didn't use barnyard, how can I use unified2.alert?
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/
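The second half of the question, how to use unified2.alert without Barnyard2, comes down to reading a length-prefixed binary format: each record is an 8-byte big-endian header (type, body length) followed by the body. The reader below is an added example, not code from this thread or from the Suricata or Barnyard2 projects. It decodes the unified2 IDS event records (the legacy types 7 and 72 and the VLAN variants 104 and 105 that Suricata writes) and packet records (type 2), skips anything else by length, and renders each event as a fast.log-style line. Two things worth knowing when comparing it against fast.log: unified2 carries only gid/sid/rev and a numeric classification id, never the rule's msg text (that is what sid-msg.map supplies to Barnyard2), and the example prints timestamps in UTC. The sample bytes are constructed inline, and the mapping of the `blocked` byte (0 not blocked, 1 blocked, 2 would have been blocked) is the Snort unified2 convention, taken here as an assumption to be checked against the Suricata version in use.

```python
"""Minimal unified2 reader: decodes Suricata/Snort unified2 event and packet
records without Barnyard2 and prints them in a fast.log-like layout.
Added example with constructed sample data, not a capture from the thread."""
import socket
import struct
from datetime import datetime, timezone

# Record types from the unified2 format (Snort's Unified2_common.h).
U2_PACKET = 2
U2_IDS_EVENT = 7              # legacy IPv4 event, 52-byte body
U2_IDS_EVENT_IPV6 = 72        # legacy IPv6 event, 76-byte body
U2_IDS_EVENT_VLAN = 104       # IPv4 event with mpls/vlan fields, 60-byte body
U2_IDS_EVENT_IPV6_VLAN = 105  # IPv6 event with mpls/vlan fields, 84-byte body
U2_EXTRA_DATA = 110

HDR = struct.Struct("!II")          # record type, body length (big-endian)
EV_HEAD = struct.Struct("!9I")      # sensor_id, event_id, event_second, event_usec,
                                    # signature_id, generator_id, sig_rev, class_id, priority
EV_TAIL = struct.Struct("!HHBBBB")  # sport/itype, dport/icode, proto, impact_flag, impact, blocked
EV_VLAN = struct.Struct("!IHH")     # mpls_label, vlan_id, pad (policy id)
PKT_HEAD = struct.Struct("!7I")     # sensor_id, event_id, event_second, pkt_sec, pkt_usec, linktype, pkt_len

# 'blocked' byte: 0 not blocked, 1 blocked, 2 would have been blocked. This is the
# Snort unified2 convention; assumption: confirm what your Suricata version writes.
BLOCKED_LABEL = {0: "", 1: "[Drop] ", 2: "[wDrop] "}
PROTO_NAME = {1: "ICMP", 6: "TCP", 17: "UDP"}


def iter_records(data):
    """Yield (type, body) for each complete record; stop at a truncated tail."""
    off = 0
    while off + HDR.size <= len(data):
        rtype, length = HDR.unpack_from(data, off)
        off += HDR.size
        if off + length > len(data):  # file still being written, or corrupt
            break
        yield rtype, data[off:off + length]
        off += length


def parse_event(rtype, body):
    """Decode one IDS event record; IPv6 types carry 16-byte addresses."""
    ip_len = 16 if rtype in (U2_IDS_EVENT_IPV6, U2_IDS_EVENT_IPV6_VLAN) else 4
    has_vlan = rtype in (U2_IDS_EVENT_VLAN, U2_IDS_EVENT_IPV6_VLAN)
    expected = EV_HEAD.size + 2 * ip_len + EV_TAIL.size + (EV_VLAN.size if has_vlan else 0)
    if len(body) != expected:
        raise ValueError(f"type {rtype}: expected {expected}-byte body, got {len(body)}")
    fields = EV_HEAD.unpack_from(body, 0)
    off = EV_HEAD.size
    fam = socket.AF_INET6 if ip_len == 16 else socket.AF_INET
    src = socket.inet_ntop(fam, body[off:off + ip_len]); off += ip_len
    dst = socket.inet_ntop(fam, body[off:off + ip_len]); off += ip_len
    sport, dport, proto, impact_flag, impact, blocked = EV_TAIL.unpack_from(body, off)
    off += EV_TAIL.size
    vlan = EV_VLAN.unpack_from(body, off)[1] if has_vlan else None
    return {"sensor_id": fields[0], "event_id": fields[1], "sec": fields[2], "usec": fields[3],
            "sid": fields[4], "gid": fields[5], "rev": fields[6], "class_id": fields[7],
            "priority": fields[8], "src": src, "dst": dst, "sport": sport, "dport": dport,
            "proto": proto, "impact_flag": impact_flag, "blocked": blocked, "vlan": vlan}


def parse_packet(body):
    """Decode a packet record: fixed 28-byte header followed by pkt_len raw bytes."""
    sensor_id, event_id, event_sec, pkt_sec, pkt_usec, linktype, pkt_len = PKT_HEAD.unpack_from(body, 0)
    return {"event_id": event_id, "linktype": linktype,
            "data": body[PKT_HEAD.size:PKT_HEAD.size + pkt_len]}


def fast_line(ev):
    """fast.log-style line. unified2 has no msg text or classification name,
    only the numeric ids, so those fields stay numeric here."""
    ts = datetime.fromtimestamp(ev["sec"], timezone.utc).strftime("%m/%d/%Y-%H:%M:%S")
    action = BLOCKED_LABEL.get(ev["blocked"], "[blocked=%d] " % ev["blocked"])
    proto = PROTO_NAME.get(ev["proto"], ev["proto"])
    return (f"{ts}.{ev['usec']:06d}  {action}[**] [{ev['gid']}:{ev['sid']}:{ev['rev']}] [**] "
            f"[Classification: {ev['class_id']}] [Priority: {ev['priority']}] {{{proto}}} "
            f"{ev['src']}:{ev['sport']} -> {ev['dst']}:{ev['dport']}")


def read_unified2(data):
    """Return (events, packets) decoded from raw unified2 bytes, skipping other types."""
    events, packets = [], []
    for rtype, body in iter_records(data):
        if rtype in (U2_IDS_EVENT, U2_IDS_EVENT_IPV6, U2_IDS_EVENT_VLAN, U2_IDS_EVENT_IPV6_VLAN):
            events.append(parse_event(rtype, body))
        elif rtype == U2_PACKET:
            packets.append(parse_packet(body))
        # U2_EXTRA_DATA and anything unknown is length-prefixed, so it is simply skipped
    return events, packets


def make_record(rtype, body):
    return HDR.pack(rtype, len(body)) + body


# Constructed sample: one type-104 event marked "would drop" plus its packet record,
# followed by a header-only fragment such as a reader sees while Suricata is mid-write.
SAMPLE_EVENT = (EV_HEAD.pack(1, 7, 1373041877, 123456, 2100498, 1, 7, 3, 2)
                + socket.inet_aton("10.0.0.5") + socket.inet_aton("192.168.1.10")
                + EV_TAIL.pack(40123, 80, 6, 0x20, 0, 2) + EV_VLAN.pack(0, 100, 0))
SAMPLE_PACKET = PKT_HEAD.pack(1, 7, 1373041877, 1373041877, 123456, 1, 4) + b"\xde\xad\xbe\xef"
SAMPLE_FILE = (make_record(U2_IDS_EVENT_VLAN, SAMPLE_EVENT)
               + make_record(U2_PACKET, SAMPLE_PACKET)
               + HDR.pack(U2_IDS_EVENT_VLAN, 60))

if __name__ == "__main__":
    evs, pkts = read_unified2(SAMPLE_FILE)
    for ev in evs:
        print(fast_line(ev))
    print(f"{len(pkts)} packet record(s)")
```

To run it against a real file, replace SAMPLE_FILE with `open("/var/log/suricata/unified2.alert.1373041877", "rb").read()` (path assumed; Suricata appends a timestamp to the configured filename). Because the reader stops at the first incomplete record instead of raising, it is safe to point at the file Suricata is currently writing.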
