Hello,
I'm running Snort 2.9.16 and using "output unified2: filename snort.u2, limit 128". When I use "u2spewfoo" I can see the encapsulated source/dest IP information, but when barnyard writes it to snort-alert.log using "output alert_fast: snort-alert.log" I'm only getting the GRE source IP information. What am I missing?
BTW, I did compile barnyard2 with "./configure --enable-gre"
Hello, I'm running Snort 2.9.16 and using "output unified2: filename snort.u2, limit 128". When I use "u2spewfoo" I can see the encapsulated source/dest IP information, but when barnyard writes it to snort-alert.log using "output alert_fast: snort-alert.log" I'm only getting the GRE source IP information. What am I missing?
BTW, I did compile barnyard2 with "./configure --enable-gre"
Thank you