[Snort-devel] Barnyard & Snort

Peleus G. Uhley peleus at ...1667...
Thu Nov 7 11:23:03 EST 2002


	I am doing some work on Barnyard to make it's fast alert output
closer to Snort's fast alert output.  Barnyard currently does not pull as
information out of the unified log as there would be if Snort was doing
the normal fast logging.  An example would be that Snort's normal fast
alert shows source and destination IPs for ICMP alerts and Barnyard does
not.  Another example would be Snort's fast alert output contains info #
of targets and ports on portscans but Barnyard does not.  Is this because
Snort isn't dumping that information in unified logging mode or because
Barnyard hasn't been developed enough to be able to pull it out?

thanks,
  -Peleus





More information about the Snort-devel mailing list