Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Barnyard Acid MySQL problem SOLVED

From: "Billy Wright" <Billy.Wright () scts-llc com>
Date: Thu, 6 Nov 2003 13:16:37 -0500
Thanks for getting back so soon this took care of the problem my
sid-msg.map file was in the wrong spot...

-Billy

-----Original Message-----
From: Robert Vance Jr [mailto:rev () northwestern edu] 
Sent: Thursday, November 06, 2003 12:41 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Barnyard Acid MySQL problem



When sending output to Acid/Mysql using only snort, my signature field



would list something like this below...

SCAN Proxy (8080) attempt

After setting up Barnyard I am now getting this...

Snort Alert [1:618:0]


My first guess would be that when you fired up your barnyard process,
you did not configure it to use the sid-msg.map file.  This file maps
signature ids to their respective alert message.  So try something like
this...

/path/to/barnyard -s /path/to/sid-msg.map

You'll want to include any other command line parameters that you're
already using as well.

rev
--


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program. Does
SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: