Snort mailing list archives

Re: New IDS best practise


From: beenph <beenph () gmail com>
Date: Thu, 17 Nov 2011 22:46:53 -0500

On Thu, Nov 17, 2011 at 10:05 PM, Martin Holste <mcholste () gmail com> wrote:
There is a patch submitted by Brett Edgar that should work with extra data
http://groups.google.com/group/barnyard2-devel/browse_thread/thread/2163cddabf481620

Will the current barnyard2 implementation log extra data to syslog?


Unified2 extra data events are read, but clean support has not been
decided yet, thus it's possible to patch it and make it work with no
issue; it's just not decided how everything will get displayed.

If people have suggestions on extra data representation they can use
our MLs to let us know.

-elz
