Snort mailing list archives

2.9.2-1 - Missing Alerts in Unified2 - Partial Alert in Unified


From: Michael R Gilliam <techsavvy () insightbb com>
Date: Thu, 2 Feb 2012 11:45:22 -0500 (EST)

Has anyone experienced an issue that occurs when having output directed to two destinations, both unified format and unified2 format, where there are partial alerts that show up in the unified file (alert, but no packet/session data) and the alert and packet/session data is completely missing out of the unified2 file? Otherwise, for the most part (99% of the time), all alerts and packets/session data match.

running snort 2.9.2-1
daq 0.6.2


snort.conf output is set up as
output unified2: filename snort.log, limit 128
output alert_unified: filename /var/log/snort/log2.alert, limit 128
output log_unified: filename /var/log/snort/log2.log, limit 128

Thanks,
Mike
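A small check for the symptom described above (an alert written with no packet/session data), added here as an example and not code from the original post or from the Snort project: it walks a unified2 file record by record and lists IDS events that have no matching packet record. It assumes the Unified2 IPv4 event record (type 7, 52 bytes) and packet record (type 2, 28-byte header plus packet bytes) layouts, and the sample bytes are constructed inline.

```python
import struct

# Unified2 record header: uint32 type, uint32 length, network byte order.
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
EVENT_FMT = "!IIIIIIIIIIIHHBBBB"   # 52-byte IPv4 IDS event record
PACKET_FMT = "!IIIIIII"            # 28-byte packet header, then packet bytes

def iter_records(data):
    """Yield (type, body) for each record; stop at a truncated tail."""
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack("!II", data[off:off + 8])
        body = data[off + 8:off + 8 + rlen]
        if len(body) < rlen:
            break  # partial record, e.g. the file is still being written
        yield rtype, body
        off += 8 + rlen

def find_events_without_packets(data):
    """Return [(sensor_id, event_id, event_second, sid)] for events lacking a packet record."""
    events, have_packet = {}, set()
    for rtype, body in iter_records(data):
        if rtype == UNIFIED2_IDS_EVENT and len(body) == 52:
            f = struct.unpack(EVENT_FMT, body)
            events[(f[0], f[1], f[2])] = f[4]   # key: sensor, event id, second -> sid
        elif rtype == UNIFIED2_PACKET and len(body) >= 28:
            f = struct.unpack(PACKET_FMT, body[:28])
            have_packet.add((f[0], f[1], f[2]))
    return [k + (sid,) for k, sid in events.items() if k not in have_packet]

# Helpers that build constructed sample records (not real sensor output).
def _event(sensor, eid, sec, sid):
    body = struct.pack(EVENT_FMT, sensor, eid, sec, 0, sid, 1, 1, 0, 1,
                       0x0A000001, 0x0A000002, 1234, 80, 6, 0, 0, 0)
    return struct.pack("!II", UNIFIED2_IDS_EVENT, len(body)) + body

def _packet(sensor, eid, sec, payload):
    hdr = struct.pack(PACKET_FMT, sensor, eid, sec, sec, 0, 1, len(payload))
    return struct.pack("!II", UNIFIED2_PACKET, len(hdr) + len(payload)) + hdr + payload

# Constructed sample: two events, only the first has its packet record.
SAMPLE = (_event(1, 10, 1328200000, 1000001)
          + _packet(1, 10, 1328200000, b"\x45\x00" * 10)
          + _event(1, 11, 1328200001, 1000002))

if __name__ == "__main__":
    for sensor, eid, sec, sid in find_events_without_packets(SAMPLE):
        print(f"sensor {sensor} event {eid}@{sec}: sid {sid} has no packet record")
```

Run it against a real spool file by replacing SAMPLE with the file's bytes; a sensor that drops packet records for some events will show up as a non-empty list.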

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
