(no subject)

[Marc Dreher <MarcDreher () gmx net>]

Hi all,

I posted this question already a couple of days ago. As I did not get an
answer either nobody knows (which I doubt) or it is a very well known issue and
I was tu stupid to find the answer in the faq or list history (allthough I
looked closly). The problem is the following.
When I have snort logging alerts in unified form to a file and take this
file as input for barnyard to write the output either to syslog or the
alert_fast output plugin I do not get any IP adresses or time information for
spp_portscan alerts. Output from alert_fast for example looks like this:

01/01/-30-00:00:00.000000 {IP} 0.0.0.0 -> 0.0.0.0
[**] [100:2:1] spp_portscan: Portscan Status [**]
[Classification: Not Suspicious Traffic] [Priority: 0]

all other alerts are fine. When I have snort log into the plain ascii alert
file everything is ok as well.

Thanks fo any hints.

Regards
Marc

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net



-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users