Snort mailing list archives

Barnyard payload


From: Jochen Vogel <jvogel () it-sec de>
Date: Fri, 5 Mar 2004 12:56:45 +0100

Hi,

If Snort logs to ASCII I get the payload.
If Snort logs to binary and barnyard writes it to ASCII I get no payload.

Snort
-------------
/usr/local/bin/snort -c /tmp/rules/snort.conf -i br0 -deQ -A none
--------------
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
--------------


Barnyard
----------------
/usr/local/bin/barnyard -c $CONF/barnyard.conf -d $LOG \
-g /tmp/rules/gen-msg.map -s /tmp/rules/sid-msg.map \
-f snort.log -w $LOG/waldo.log 
-----------------
#output alert_fast
output log_dump
#output alert_syslog
#output log_pcap
#output alert_acid_db: mysql, database snort, server 192.168.0.48, user sensor
#output log_acid_db: mysql, database snort, server 192.168.0.48, user sensor, detail full


Any idea?
Thanks for the help,
jo
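The configuration above does not say where the payload goes missing: either Snort's log_unified plugin never stored the packet bytes, or barnyard's log_dump read them and did not print them. The first thing to establish is which half is at fault, by walking the unified log file directly. The script below is an added diagnostic written for this post, not Snort or barnyard code. It assumes the native 32-bit little-endian layout of Snort 2.x's UnifiedLogFileHeader (magic 0xDEAD1080, major/minor version, timezone, snaplen, linktype) and UnifiedLog record (Event with a two-word timeval, flags, then a SnortPktHeader with timeval, caplen and pktlen), an Ethernet link type, and IPv4 over TCP or UDP when counting payload bytes; the sample file it builds for itself is constructed, with placeholder version numbers and addresses, and is not taken from the sensor in question.

```python
"""Report, per record, how many packet bytes a Snort 2.x unified log file
actually stores. Added diagnostic, not Snort/barnyard code.

Assumption: 32-bit native layout of Snort 2.x's unified log structs
(struct timeval == two u32). Adjust the struct formats if the sensor
that wrote the file used a different layout."""
import struct

LOG_MAGIC = 0xDEAD1080
FILE_HDR_FMT = "IHHIII"   # magic, version_major, version_minor, timezone, snaplen, linktype
REC_HDR_FMT = "14I"       # Event (9 x u32, timeval included) + flags + SnortPktHeader (4 x u32)
DLT_EN10MB = 1            # libpcap link type for Ethernet


def _endian(magic_bytes):
    """Pick the byte-order prefix under which the first word is LOG_MAGIC."""
    for prefix in ("<", ">"):
        if struct.unpack(prefix + "I", magic_bytes)[0] == LOG_MAGIC:
            return prefix
    raise ValueError("not a Snort unified log file (bad magic)")


def payload_length(pkt, linktype):
    """Bytes after the TCP/UDP header of an IPv4 packet; 0 for anything else
    (assumption: only Ethernet + IPv4 + TCP/UDP is handled here)."""
    off = 14 if linktype == DLT_EN10MB else 0
    if len(pkt) < off + 20 or pkt[off] >> 4 != 4:
        return 0
    ihl = (pkt[off] & 0x0F) * 4
    total = struct.unpack("!H", pkt[off + 2:off + 4])[0]
    proto = pkt[off + 9]
    l4 = off + ihl
    if proto == 6:                       # TCP: data offset is the high nibble of byte 12
        if len(pkt) < l4 + 13:
            return 0
        l4 += (pkt[l4 + 12] >> 4) * 4
    elif proto == 17:                    # UDP: fixed 8-byte header
        l4 += 8
    else:
        return 0
    end = min(len(pkt), off + total)     # ignore Ethernet trailer / padding past the IP total length
    return max(0, end - l4)


def walk_unified_log(data):
    """Parse a whole unified log file and return one dict per record."""
    prefix = _endian(data[:4])
    fh = struct.Struct(prefix + FILE_HDR_FMT)
    rh = struct.Struct(prefix + REC_HDR_FMT)
    _magic, _vmaj, _vmin, _tz, _snaplen, linktype = fh.unpack_from(data, 0)
    pos = fh.size
    records = []
    while pos + rh.size <= len(data):
        f = rh.unpack_from(data, pos)
        pos += rh.size
        caplen, pktlen = f[12], f[13]
        pkt = data[pos:pos + caplen]
        if len(pkt) < caplen:
            raise ValueError("truncated record at offset %d" % pos)
        pos += caplen
        records.append({"gid": f[0], "sid": f[1], "caplen": caplen,
                        "pktlen": pktlen, "payload": payload_length(pkt, linktype)})
    return records


def records_without_payload(records):
    """SIDs whose stored packet carries no application data: if this list is
    non-empty, the loss happened on the Snort side, not in barnyard."""
    return [r["sid"] for r in records if r["payload"] == 0]


# --- constructed sample data, not from the sensor in the post -----------------
def _tcp_packet(payload):
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 168, 0, 1]), bytes([192, 168, 0, 48]))
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def build_sample_log():
    """Two records: one with a 16-byte HTTP payload, one stored with caplen 0."""
    hdr = struct.pack("<" + FILE_HDR_FMT, LOG_MAGIC, 1, 2, 0, 1514, DLT_EN10MB)

    def rec(sid, pkt):
        return struct.pack("<" + REC_HDR_FMT, 1, sid, 1, 0, 1, 1, 0, 1078487805, 0,
                           0, 1078487805, 0, len(pkt), len(pkt)) + pkt

    return hdr + rec(1000001, _tcp_packet(b"GET / HTTP/1.0\r\n")) + rec(1000002, b"")


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_log()
    for r in walk_unified_log(data):
        print("gid %d sid %d caplen %d pktlen %d payload %d" % (
            r["gid"], r["sid"], r["caplen"], r["pktlen"], r["payload"]))
```

Run it against the snort.log.<timestamp> file barnyard is reading (`python3 unified_payload.py /path/to/snort.log.1078487805`). Records with a non-zero payload count mean Snort did store the bytes and the log_dump output side is what to look at; records with caplen 0 or payload 0 mean the packet never made it into the unified file in the first place.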


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users