[Snort-devel] Barnyard & Snort

Bamm (Robert) Visscher rvissche at ...1669...
Thu Nov 7 11:40:06 EST 2002


BY's output alert_fast uses data from unified_alert which doesn't
contain this info (packet data, etc).

Bamm

On Thu, 2002-11-07 at 13:22, Peleus G. Uhley wrote:
> 
> 	I am doing some work on Barnyard to make its fast alert output
> closer to Snort's fast alert output.  Barnyard currently does not pull as
> much information out of the unified log as there would be if Snort was doing
> the normal fast logging.  An example would be that Snort's normal fast
> alert shows source and destination IPs for ICMP alerts and Barnyard does
> not.  Another example would be Snort's fast alert output contains info #
> of targets and ports on portscans but Barnyard does not.  Is this because
> Snort isn't dumping that information in unified logging mode or because
> Barnyard hasn't been developed enough to be able to pull it out?
> 
> thanks,
>   -Peleus
-- 
Bamm (Robert) Visscher
Network Security Engineer
Ball Corp.
http://www.ball.com
rvissche at ...1669... 
210.240.5950 



