[Snort-devel] Barnyard & Snort

Bamm (Robert) Visscher rvissche at ...1669...
Thu Nov 7 11:40:06 EST 2002

BY's output alert_fast uses data from unified_alert which doesn't
contain this info (packet data, etc).


On Thu, 2002-11-07 at 13:22, Peleus G. Uhley wrote:
> 	I am doing some work on Barnyard to make its fast alert output
> closer to Snort's fast alert output.  Barnyard currently does not pull as much
> information out of the unified log as there would be if Snort was doing
> the normal fast logging.  An example would be that Snort's normal fast
> alert shows source and destination IPs for ICMP alerts and Barnyard does
> not.  Another example would be Snort's fast alert output contains info #
> of targets and ports on portscans but Barnyard does not.  Is this because
> Snort isn't dumping that information in unified logging mode or because
> Barnyard hasn't been developed enough to be able to pull it out?
> thanks,
>   -Peleus
Bamm (Robert) Visscher
Network Security Engineer
Ball Corp.
rvissche at ...1669... 
