Snort mailing list archives
Re: Base Barnyard and Unified Logs
From: Wes Young <wcyoung () buffalo edu>
Date: Mon, 14 Mar 2005 16:19:39 -0500
Ah ha....

Barnyard only inserts the SIG NAME if it doesn't exist in the snort table already, not based on msg map readin.

So, if you start base on a 'not so fresh' start of barnyard, you'll get all the snort data, but if you F'd your sig table, it won't add it without a manual script, that reads the sigmap in and then inserts it...

might be a nice addition to either project... might take up space... but not that much...

eof

Wes Young wrote:
| I thought barnyard uses the sid-msg.map to read the sid and then inserts
| the sig details to the DB, no? I don't specify the sid-msg.map anywhere
| else, hence why Aanval works perfectly, but base, does not.
|
| There must be a slight problem with the way base looks up sig info and a
| slight problem how barnyard stores it.
|
| Michael Scheidell wrote:
| | The issue is barnyard.
| |
| | Barnyard only stores the sid, and THEN, reads sid-msg.map for signature
| | description.

--
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
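The manual script described in the message above (read the sig map in, then insert what is missing), as an added example that is not part of the original post and is not code from Barnyard or BASE. Assumptions: the `signature` table is a cut-down stand-in with `sig_name` and `sig_sid` columns held in an in-memory SQLite database, the function names are hypothetical, and the map lines are constructed samples in the `sid || msg || ref` layout of sid-msg.map.

```python
import sqlite3

# Constructed sample in sid-msg.map layout: "sid || msg || ref || ..."
SAMPLE_MAP = """\
# constructed sample, not a real rule set
1000001 || EXAMPLE constructed alert one || url,example.invalid/a
1000002 || EXAMPLE constructed alert two
not-a-sid || malformed line
1000003 ||
"""

def parse_sid_msg_map(text):
    """Yield (sid, msg) pairs, skipping comments, blanks and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit() or not fields[1]:
            continue
        yield int(fields[0]), fields[1]

def backfill_signatures(conn, map_text):
    """Insert a row for each SID in the map that has none yet; return the SIDs added."""
    added = []
    for sid, msg in parse_sid_msg_map(map_text):
        row = conn.execute("SELECT 1 FROM signature WHERE sig_sid = ?", (sid,)).fetchone()
        if row is None:
            conn.execute("INSERT INTO signature (sig_name, sig_sid) VALUES (?, ?)", (msg, sid))
            added.append(sid)
    conn.commit()
    return added

def demo():
    # Assumed, simplified stand-in for the alert database's signature table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, "
                 "sig_name TEXT NOT NULL, sig_sid INTEGER)")
    # One signature already present, as if inserted when its first alert arrived.
    conn.execute("INSERT INTO signature (sig_name, sig_sid) VALUES (?, ?)",
                 ("EXAMPLE constructed alert one", 1000001))
    first = backfill_signatures(conn, SAMPLE_MAP)   # adds only the missing SID
    second = backfill_signatures(conn, SAMPLE_MAP)  # second run adds nothing
    return first, second, conn.execute("SELECT COUNT(*) FROM signature").fetchone()[0]

if __name__ == "__main__":
    print(demo())
```

In Snort's database schema the event table references `signature.sig_id` rather than the SID, so check that mapping before relying on backfilled rows to label existing events.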
Current thread:
- Base Barnyard and Unified Logs Wes Young (Mar 14)
- <Possible follow-ups>
- RE: Base Barnyard and Unified Logs Michael Scheidell (Mar 14)
- RE: Base Barnyard and Unified Logs Jim O'Leary (Mar 14)
- Re: Base Barnyard and Unified Logs Wes Young (Mar 14)
- Re: Base Barnyard and Unified Logs Wes Young (Mar 14)
- Re: Base Barnyard and Unified Logs Paul Schmehl (Mar 14)
- Re: Base Barnyard and Unified Logs Wes Young (Mar 14)
- Re: Base Barnyard and Unified Logs Esler, Joel CNTR/Sytex (Mar 14)
- Re: Base Barnyard and Unified Logs Wes Young (Mar 14)
- Re: Base Barnyard and Unified Logs Paul Schmehl (Mar 14)
- Re: Base Barnyard and Unified Logs Wes Young (Mar 14)
- RE: Base Barnyard and Unified Logs Lee Clemens (Mar 14)
- Re: Base Barnyard and Unified Logs Joel Esler (Mar 21)
- Re: Base Barnyard and Unified Logs Wes Young (Mar 14)
- Re: Base Barnyard and Unified Logs Jerry (Mar 25)