[Oisf-users] unified2.alert

Cooper F. Nelson cnelson at ucsd.edu
Fri Jul 5 16:40:07 UTC 2013


Snort ships with two small utilities for parsing unified2 files, u2boat
and u2spew.  Usage examples are available here.

http://manual.snort.org/node257.html
http://manual.snort.org/node258.html

If you aren't using barnyard2 and don't need packet captures then I
would suggest disabling unified2 alerts.

On 7/5/2013 9:30 AM, mouna amani wrote:
> I did not configure barnyard to work with suricata.
> But when I enabled unified2.alert
> I got some lines with [wDrop].
> What does wDrop mean, and if I didn't use barnyard, how can I use
> unified2.alert?


-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
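
Added example, not part of the original message and not code from Snort or Suricata: a minimal Python reader that walks the records of a unified2 file without barnyard2 and decodes IPv4 alert events. It assumes the file uses Snort's unified2 layout (8-byte big-endian record header, legacy IPv4 event as record type 7); `read_records`, `parse_events` and `sample_log` are names chosen here, and the sample record values are constructed.

```python
import io
import socket
import struct

U2_PACKET, U2_IDS_EVENT = 2, 7  # unified2 record type codes (subset)
HEADER = struct.Struct(">II")   # record type, body length (big-endian)
# Legacy IPv4 event body, 52 bytes: 9 x u32, 2 x IPv4, 2 x u16, 4 x u8.
EVENT_V4 = struct.Struct(">9I4s4sHH4B")
FIELDS = ("sensor_id event_id event_second event_microsecond signature_id "
          "generator_id signature_revision classification_id priority_id "
          "ip_source ip_destination sport_itype dport_icode protocol "
          "impact_flag impact blocked").split()

def read_records(stream):
    """Yield (type, body) pairs; stop cleanly on a truncated tail."""
    while True:
        head = stream.read(HEADER.size)
        if len(head) < HEADER.size:
            return                      # EOF or partially written header
        rtype, length = HEADER.unpack(head)
        body = stream.read(length)
        if len(body) < length:
            return                      # sensor is still writing this record
        yield rtype, body

def parse_events(data):
    """Decode legacy IPv4 events from bytes; skip other record types."""
    events = []
    for rtype, body in read_records(io.BytesIO(data)):
        if rtype != U2_IDS_EVENT or len(body) < EVENT_V4.size:
            continue
        ev = dict(zip(FIELDS, EVENT_V4.unpack_from(body)))
        ev["ip_source"] = socket.inet_ntoa(ev["ip_source"])
        ev["ip_destination"] = socket.inet_ntoa(ev["ip_destination"])
        events.append(ev)
    return events

def sample_log():
    """Constructed input: one event, one packet record, one truncated record."""
    body = EVENT_V4.pack(0, 1, 1373042407, 0, 2100498, 1, 7, 0, 2,
                         socket.inet_aton("192.0.2.10"),
                         socket.inet_aton("198.51.100.5"), 49152, 80, 6, 0, 0, 0)
    return (HEADER.pack(U2_IDS_EVENT, len(body)) + body
            + HEADER.pack(U2_PACKET, 4) + b"\x00" * 4
            + HEADER.pack(U2_IDS_EVENT, 52) + b"\x00" * 10)

if __name__ == "__main__":
    for ev in parse_events(sample_log()):
        print(ev["signature_id"], ev["ip_source"], "->", ev["ip_destination"])
```

For a real file, pass the bytes of the unified2 log to `parse_events`; IPv6 and VLAN event types use different record codes and are skipped here.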