Snort mailing list archives
Barnyard 0.2.0 Patch
From: Colin Grady <colin.grady () gmail com>
Date: Sat, 4 Jun 2005 16:46:12 -0500
I've written a patch for Barnyard 0.2.0 that fixes some issues with the op_sguil and op_acid_db output plugins.

The patch allows the Sguil output plugin to properly log the signature revision numbers and the signature generator ID. Prior to this patch, the signature generator ID and revision numbers were always defaulted to 0. The signature generator ID was never passed in the event INSERT statement, defaulting it to 0 in the database. The signature revision number was not properly set in the Sid structure because it populated the structure based on the sid-msg.map, which doesn't include the revision information. To fix that, the OpSguil_Log function now populates the Sid->rev value from the UnifiedLogRecord information. The same thing goes for the Alert and Log functions in op_acid_db.

The patch is available here: http://pr00f.org/barnyard-0.2.0-cmg.patch

Enjoy,
Colin Grady