[Snort-devel] Barnyard & Snort

Peleus G. Uhley peleus at ...1667...
Thu Nov 7 11:46:05 EST 2002


	Sorry, I was looking at the wrong log when I wrote this.  BY does
show IPs for ICMP alerts.

-Peleus

On Thu, 7 Nov 2002, Peleus G. Uhley wrote:

>
> 	I am doing some work on Barnyard to make its fast alert output
> closer to Snort's fast alert output.  Barnyard currently does not pull as
> much information out of the unified log as there would be if Snort was doing
> the normal fast logging.  An example would be that Snort's normal fast
> alert shows source and destination IPs for ICMP alerts and Barnyard does
> not.  Another example would be Snort's fast alert output contains info #
> of targets and ports on portscans but Barnyard does not.  Is this because
> Snort isn't dumping that information in unified logging mode or because
> Barnyard hasn't been developed enough to be able to pull it out?
>
> thanks,
>   -Peleus




