Snort mailing list archives
Re: Snort, Barnyard2 and Snorby alert classification mismatch
From: hanx hi <hanxhi () yahoo com ar>
Date: Wed, 16 Jan 2013 06:52:23 -0800 (PST)
Thanks elz, that worked like a charm. Every day I learn something new, that's why I like my job.

________________________________
From: beenph <beenph () gmail com>
To: hanx hi <hanxhi () yahoo com ar>
CC: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Sent: Wednesday, January 16, 2013 10:40
Subject: Re: [Snort-users] Snort, Barnyard2 and Snorby alert classification mismatch

Forgot to say that you could also update the priority manually with an UPDATE statement.

-elz

On Wed, Jan 16, 2013 at 8:37 AM, beenph <beenph () gmail com> wrote:
> On Wed, Jan 16, 2013 at 8:14 AM, hanx hi <hanxhi () yahoo com ar> wrote:
>> Hi everyone, I have this issue, maybe someone can help. I'm running Snort 2.9.4 along with Barnyard2 2.1.9 and Snorby 2.5.4 as a frontend. My problem is that I cannot match any snort rule classification with Snorby severity.
>
> Hi Hanx Hi,
>
> First I would suggest that you update to latest barnyard2 (www.github.com/firnsy/barnyard2)
>
>> For example, I have this rule in Snort:
>>
>> alert tcp $HOME_NET 21 -> $EXTERNAL_NET any (msg:"POLICY failed FTP login attempt"; flow:established,to_client; content:"530 "; depth:4; metadata:policy security-ips alert; reference:url,www.ietf.org/rfc/rfc0959.txt; sid:13360; rev:3; priority:10;)
>>
>> As you can see, at the end of a line I assign a priority of 10 to that rule; when I trigger
>
> You changed the priority, for it to be set correctly you would need to delete the rule you have inserted in the database and re-run barnyard2. The rule would then be at the good priority (if you have changed it between the first insertion and a later insertion).
>
> Hope this helps,
> -elz
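The manual fix mentioned in the thread, as an added example (not code from the thread or from the Barnyard2 project): it reads sid, rev and priority from the rule quoted above, looks up the signature row stored at first insertion, and issues the UPDATE when the stored priority differs. It assumes the signature table column names of the stock Snort/Barnyard2 database schema; the SQLite stand-in, the stored priority of 2 and the function names are constructed for illustration.

```python
import re
import sqlite3

# Rule text as quoted in the thread.
RULE = ('alert tcp $HOME_NET 21 -> $EXTERNAL_NET any (msg:"POLICY failed FTP '
        'login attempt"; flow:established,to_client; content:"530 "; depth:4; '
        'metadata:policy security-ips alert; '
        'reference:url,www.ietf.org/rfc/rfc0959.txt; sid:13360; rev:3; priority:10;)')

def rule_ids(rule):
    """Return (gid, sid, rev, priority) from a rule; gid defaults to 1."""
    opts = dict(re.findall(r'\b(gid|sid|rev|priority):\s*(\d+)\s*;', rule))
    prio = int(opts["priority"]) if "priority" in opts else None
    return (int(opts.get("gid", 1)), int(opts["sid"]), int(opts["rev"]), prio)

def sync_priority(conn, rule):
    """Set sig_priority to the rule's priority; return (old, new) or None."""
    gid, sid, rev, prio = rule_ids(rule)
    row = conn.execute(
        "SELECT sig_id, sig_priority FROM signature "
        "WHERE sig_gid = ? AND sig_sid = ? AND sig_rev = ?",
        (gid, sid, rev)).fetchone()
    if prio is None or row is None or row[1] == prio:
        return None  # no explicit priority, not logged yet, or already in sync
    with conn:       # commit on success, roll back on error
        conn.execute("UPDATE signature SET sig_priority = ? WHERE sig_id = ?",
                     (prio, row[0]))
    return (row[1], prio)

def demo_db():
    """Constructed stand-in for the signature table (SQLite, in memory)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, "
                 "sig_name TEXT, sig_class_id INT, sig_priority INT, "
                 "sig_rev INT, sig_sid INT, sig_gid INT)")
    # Constructed row: the rule as first logged, before priority:10 was set.
    conn.execute("INSERT INTO signature VALUES "
                 "(1, 'POLICY failed FTP login attempt', 0, 2, 3, 13360, 1)")
    return conn

if __name__ == "__main__":
    print(sync_priority(demo_db(), RULE))
```

Matching on gid, sid and rev together keeps the change to the one stored signature row, so events already logged against it remain linked.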
Current thread:
- Snort, Barnyard2 and Snorby alert classification mismatch hanx hi (Jan 16)
- Re: Snort, Barnyard2 and Snorby alert classification mismatch beenph (Jan 16)
- Re: Snort, Barnyard2 and Snorby alert classification mismatch beenph (Jan 16)
- Re: Snort, Barnyard2 and Snorby alert classification mismatch hanx hi (Jan 16)
- Re: Snort, Barnyard2 and Snorby alert classification mismatch beenph (Jan 16)
- Re: Snort, Barnyard2 and Snorby alert classification mismatch beenph (Jan 16)