This repository has been archived by the owner on Jan 18, 2024. It is now read-only.
barnyard2 u2 alert_fast using GRE IP, not encapsulated IP. #258
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hello,
I'm running Snort 2.9.16 and using "output unified2: filename snort.u2, limit 128". When I use "u2spewfoo" I can see the encapsulated source/dest IP information, but when barnyard writes it to snort-alert.log using "output alert_fast: snort-alert.log" I'm only getting the GRE source IP information. What am I missing?
BTW, I did compile barnyard2 with "./configure --enable-gre"
Thank you
The text was updated successfully, but these errors were encountered: