Snort mailing list archives

Re: Barnyard2 not inputting portscans (was Unified Logging - BASE - Portscans)


From: beenph <beenph () gmail com>
Date: Wed, 27 Jul 2011 08:50:13 -0400

On Wed, Jul 27, 2011 at 8:30 AM, James Lay <jlay () slave-tothe-box net> wrote:
> Interesting....and guess what...barnyard2 doesn't seem to log portscan
> data:
>
> Jul 26 20:34:39 gateway snort[4555]: [122:17:0] (portscan) UDP Portscan
> [Priority: 3] {PROTO:255} 205.171.2.25 -> my.ext.ip
>
> A search for 205.171.2.25 came up empty....I think we have our issue.
> Time to talk to firnsy maybe?


The only thing that barnyard2 is not logging should be
EXTRADATA events.

Now in barnyard2 1.10, the only issue I could see that would lead to
your portscan not being reported is the spooler cache mechanism, which
will be removed in a future version since the spooler has been refactored.

You can find a version of barnyard2 without the spooler cache and with
spooler improvements @ https://github.com/binf/barnyard2.

Let us know if this fixes what you are observing.

Thanks
-elz
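Before blaming the barnyard2 spooler, it is worth confirming that the portscan events are actually in the unified2 spool file at all. The script below is an added example, not code from this thread or from the barnyard2 project: a minimal unified2 reader that walks the record stream, decodes IDS event records and counts them per (generator, signature) pair, so a generator-122 event that is present in the spool but absent from the database points at barnyard2, while one that is missing from the spool points at Snort's output plugin. The record layouts follow Snort's Unified2_common.h; the sample spool bytes, the destination address, the event IDs and the timestamp are constructed for the demonstration.

```python
"""
Added example (not from the mailing-list post or from barnyard2): count the
portscan events (generator 122) present in a Snort unified2 spool file.
Usage: python unified2_portscans.py /var/log/snort/snort.u2.1311726000
With no argument it runs against a constructed sample spool.
"""
import socket
import struct
import sys
from collections import Counter

# Record types from Snort's Unified2_common.h.
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
UNIFIED2_IDS_EVENT_V2 = 104   # v1 layout plus mpls_label, vlanId, pad

PORTSCAN_GENERATOR = 122      # sfportscan preprocessor, e.g. [122:17:0]

# Body of a UNIFIED2_IDS_EVENT (IPv4): 52 bytes, all fields big-endian.
EVENT_STRUCT = struct.Struct(">IIIIIIIIIIIHHBBBB")
EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)


def iter_records(data):
    """Yield (record_type, body) for each unified2 record; stop cleanly on a partial tail."""
    offset = 0
    while offset + 8 <= len(data):
        rtype, rlen = struct.unpack_from(">II", data, offset)
        body = data[offset + 8:offset + 8 + rlen]
        if len(body) != rlen:          # barnyard2 also has to cope with a file still being written
            raise ValueError("truncated record at offset %d" % offset)
        yield rtype, body
        offset += 8 + rlen


def parse_event(body):
    """Decode an IPv4 IDS event body (v1 or the first 52 bytes of v2) into a dict."""
    ev = dict(zip(EVENT_FIELDS, EVENT_STRUCT.unpack(body[:EVENT_STRUCT.size])))
    ev["src"] = socket.inet_ntoa(struct.pack(">I", ev["ip_source"]))
    ev["dst"] = socket.inet_ntoa(struct.pack(">I", ev["ip_destination"]))
    return ev


def count_events_by_generator(data):
    """Counter of (generator_id, signature_id) over the IDS events in the spool."""
    counts = Counter()
    for rtype, body in iter_records(data):
        if rtype in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_V2):
            ev = parse_event(body)
            counts[(ev["generator_id"], ev["signature_id"])] += 1
    return counts


def portscan_report(data):
    """Total IDS events vs. how many of them came from the portscan preprocessor."""
    counts = count_events_by_generator(data)
    scans = sum(n for (gen, _sid), n in counts.items() if gen == PORTSCAN_GENERATOR)
    return {"total_events": sum(counts.values()), "portscan_events": scans}


# --- constructed sample spool (test data, not captured from a real sensor) ---

def build_event(sig_id, gen_id, src, dst, proto, event_id, second, priority=3):
    """Serialize a UNIFIED2_IDS_EVENT record (header + 52-byte body)."""
    body = EVENT_STRUCT.pack(
        1, event_id, second, 0, sig_id, gen_id, 0, 0, priority,
        struct.unpack(">I", socket.inet_aton(src))[0],
        struct.unpack(">I", socket.inet_aton(dst))[0],
        0, 0, proto, 0, 0, 0)
    return struct.pack(">II", UNIFIED2_IDS_EVENT, len(body)) + body


def build_packet(event_id, second, payload):
    """Serialize a UNIFIED2_PACKET record: 7 uint32 fields then the packet bytes."""
    body = struct.pack(">IIIIIII", 1, event_id, second, second, 0, 1, len(payload)) + payload
    return struct.pack(">II", UNIFIED2_PACKET, len(body)) + body


# One portscan event shaped like the syslog line in the thread (gen 122, sid 17,
# PROTO 255) with its pseudo-packet, then one ordinary rule hit (gen 1).
# Destination, event ids and timestamp are made up.
SAMPLE_SPOOL = (
    build_event(17, PORTSCAN_GENERATOR, "205.171.2.25", "192.0.2.10", 255, 1, 1311726879)
    + build_packet(1, 1311726879, b"Priority Count: 3\nConnection Count: 5\n")
    + build_event(2000, 1, "198.51.100.7", "192.0.2.10", 6, 2, 1311726880)
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SPOOL
    for (gen, sid), n in sorted(count_events_by_generator(data).items()):
        print("[%d:%d] x%d" % (gen, sid, n))
    print(portscan_report(data))
```

Run it against the spool file barnyard2 is reading (the file named in its waldo bookmark) and compare the [122:*] count with a query for generator 122 in the events table; if the spool count is non-zero and the database count is zero, the loss is inside barnyard2, which is exactly the case the spooler cache change above is meant to address. IPv6 event types (72, 105) use a different address layout and are deliberately not decoded here.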
