Hi Justin,
We do not maintain barnyard, so I don't know if someone will update it
to support unified2. However, it shouldn't be hard to update anything
that worked with Unified1 to work with Unified2. Check spo_unified2.c
spo_unified2.h. IMHO, its even easier to work with since everything is
in network byte order.
yes, so far you are right. But this was not my question at all...
I don't believe there are any plans at this point to update the
database output plugin for IPv6 support.
I think the database scheme should be updated. I think even the
spo_datbase.c should be able to deal with IPv6. And of course all
the other tools like the database plugin of barnyard and FLoP. On
the other hand we should see the support for IPv6 in tools like
BASE.
So my simple question is: How should this be done so that all can use
the same scheme? Even Sguil needs to be able to deal with IPv6 but
they use a complete different database layout so they will not have
a problem of interoperability with other tools...
Best regards
Dirk
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
