[Snort-devel] Barnyard & Snort

Bamm (Robert) Visscher rvissche at ...1669...
Thu Nov 7 12:07:05 EST 2002


Sorry, I read this as alert FULL not FAST. I and was assuming you were
looking for more content. My wife put me on "1/2 the caffine" coffee, it
must be her fault. That is my story, and I am sticking to it. 

Bammkkkk

On Thu, 2002-11-07 at 13:45, Peleus G. Uhley wrote:
> 
> 	Sorry, I was looking at the wrong log when I wrote this.  BY does
> show IPs for ICMP alerts.
> 
> -Peleus
> 
> On Thu, 7 Nov 2002, Peleus G. Uhley wrote:
> 
> >
> > 	I am doing some work on Barnyard to make it's fast alert output
> > closer to Snort's fast alert output.  Barnyard currently does not pull
as
> > information out of the unified log as there would be if Snort was doing
> > the normal fast logging.  An example would be that Snort's normal fast
> > alert shows source and destination IPs for ICMP alerts and Barnyard does
> > not.  Another example would be Snort's fast alert output contains info #
> > of targets and ports on portscans but Barnyard does not.  Is this
because
> > Snort isn't dumping that information in unified logging mode or because
> > Barnyard hasn't been developed enough to be able to pull it out?
> >
> > thanks,
> >   -Peleus
> >
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by: See the NEW Palm
> > Tungsten T handheld. Power & Color in a compact size!
> > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/snort-devel
> >
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by: See the NEW Palm 
> Tungsten T handheld. Power & Color in a compact size!
> http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
-- 
Bamm (Robert) Visscher
Network Security Engineer
Ball Corp.
http://www.ball.com
rvissche at ...1669... 
210.240.5950 




More information about the Snort-devel mailing list