[Snort-devel] How to log dpx alerts/events using unified2, barnyard, mysql?

Zeeuw, L.V. de l.v.de.zeeuw at ...3504...
Sat Nov 8 15:06:17 EST 2014


L.S.

I should like to use DPX to develop my own preprocessor and find its alerts in a SNORT MySQL db.

I have SNORT and a DPX-based preprocessor running. Snort is using the unified2 file format for logging. I use Barnyard2 and MySQL. This seems to work ok.

But I find the output from my DPX-based preprocessor (using _dpd.logMsg (dpx.c)) only in /var/log/messages.

I do not understand how to use _dpd.alertAdd.  What should be done so I will find the dpx alerts/events in my SNORT MySQL db?

How should Generator ID, Snort Rule ID, Revision number, Classification number, priority, message and rule info (I hope this is correct?) in _dpd.alertAdd(DPX GID, DPX SRC SID, 1, 0, 3, DPX SRC STR, 0) be used? What other files should be modified?

_dpd.alertAdd works in the test environment (using ./test.sh). It logs
x 256 1 0
to the screen.

Any help is appreciated.

Regards,

Luc de Zeeuw
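As an added example (not part of the original post, and not Snort or Barnyard2 code): a small offline check for the pipeline described above. Before looking in MySQL it is worth confirming two things separately: that the preprocessor's events reach the unified2 spool at all, and that the gen-msg.map Barnyard2 reads (config gen_file) has a line for the GID:SID pair passed to _dpd.alertAdd, since preprocessor events are labelled from gen-msg.map while GID 1 rule events are labelled from sid-msg.map. The script constructs a unified2 buffer in memory with one event using the DPX example values (GID 256, SID 1; assumed from the example preprocessor's defines) and one ordinary rule event, parses the records the way a unified2 reader does, and looks each pair up in a constructed gen-msg.map. Record layouts follow Snort's Unified2_common.h; the timestamps, addresses and map text are assumptions chosen for illustration.

```python
"""Offline check: which (gid, sid) pairs does a unified2 spool actually contain,
and does gen-msg.map know about them?

Added example, not from the original post or from Snort/Barnyard2.  All input
below is constructed in memory so the script runs without a sensor.
"""
import struct

# unified2 record types (values from Snort's Unified2_common.h)
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7          # legacy IPv4 event, 52-byte body
UNIFIED2_IDS_EVENT_VLAN = 104   # IPv4 event with MPLS/VLAN fields, 60-byte body

# Legacy IPv4 event body: 11 uint32, 2 uint16, 4 uint8, all big-endian.
# Field order: sensor_id, event_id, event_second, event_microsecond,
# signature_id, generator_id, signature_revision, classification_id,
# priority_id, ip_source, ip_destination, sport_itype, dport_icode,
# protocol, impact_flag, impact, blocked.
_EVENT_FMT = ">11I2H4B"
_EVENT_LEN = struct.calcsize(_EVENT_FMT)   # 52
_HDR_FMT = ">II"                            # record type, record length


def build_event(gid, sid, rev=1, classification=0, priority=3,
                src=0x0a000001, dst=0x0a000002, sport=0, dport=0, proto=6):
    """Serialise one UNIFIED2_IDS_EVENT record (header + body)."""
    body = struct.pack(_EVENT_FMT,
                       0,            # sensor_id
                       1,            # event_id
                       1415467577,   # event_second (constructed value)
                       0,            # event_microsecond
                       sid, gid, rev, classification, priority,
                       src, dst,
                       sport, dport,
                       proto,
                       0, 0, 0)      # impact_flag, impact, blocked
    return struct.pack(_HDR_FMT, UNIFIED2_IDS_EVENT, len(body)) + body


def build_packet(payload):
    """Serialise a UNIFIED2_PACKET record (Serial_Unified2Packet: 7 uint32 + data).
    The parser only needs its length so it can be skipped correctly."""
    body = struct.pack(">7I", 0, 1, 1415467577, 1415467577, 0, 1, len(payload)) + payload
    return struct.pack(_HDR_FMT, UNIFIED2_PACKET, len(body)) + body


def iter_records(buf):
    """Yield (record_type, body) for every record in a unified2 byte buffer.
    A record whose declared length runs past the buffer is treated as an error
    rather than silently dropped, which is how a half-written spool shows up."""
    off = 0
    while off + 8 <= len(buf):
        rtype, rlen = struct.unpack_from(_HDR_FMT, buf, off)
        off += 8
        if off + rlen > len(buf):
            raise ValueError("truncated record at offset %d" % (off - 8))
        yield rtype, buf[off:off + rlen]
        off += rlen


def parse_events(buf):
    """Return [(gid, sid, rev, priority)] for every IPv4 IDS event record in buf."""
    events = []
    for rtype, body in iter_records(buf):
        if rtype not in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_VLAN):
            continue   # packets, extra data, IPv6 events: not needed here
        # The VLAN variant only appends fields, so the first 52 bytes unpack the same.
        fields = struct.unpack_from(_EVENT_FMT, body, 0)
        sid, gid, rev, _cls, prio = fields[4:9]
        events.append((gid, sid, rev, prio))
    return events


def parse_gen_msg_map(text):
    """Parse the gen-msg.map format Barnyard2 reads: 'gid || sid || message'."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("||")]
        if len(parts) < 3:
            continue
        table[(int(parts[0]), int(parts[1]))] = parts[2]
    return table


# Constructed gen-msg.map (not the shipped file): GID 256 / SID 1 are the
# example preprocessor's values, the message text is an assumption.
GEN_MSG_MAP = """\
# gid || sid || message
1 || 1 || snort general alert
256 || 1 || (dpx) example_preprocessor: src port match
"""

# Constructed spool: a preprocessor event, a packet record, a GID 1 rule event.
SPOOL = (build_event(gid=256, sid=1, sport=7777, dport=80)
         + build_packet(b"\x45\x00" + b"\x00" * 18)
         + build_event(gid=1, sid=1000001, rev=2, priority=2))


def describe(spool=SPOOL, gen_msg_map=GEN_MSG_MAP):
    """Pair each event with its gen-msg.map text.  GID 1 events are expected to
    be unmapped here (they come from sid-msg.map); an unmapped preprocessor GID
    is the thing to fix."""
    table = parse_gen_msg_map(gen_msg_map)
    return [(gid, sid, table.get((gid, sid), "<no gen-msg.map entry>"))
            for gid, sid, _rev, _prio in parse_events(spool)]


if __name__ == "__main__":
    for gid, sid, msg in describe():
        print("%d:%d  %s" % (gid, sid, msg))
```

To run it against a real sensor, pass the bytes of a unified2 spool file and the text of the gen-msg.map Barnyard2 is configured with to describe(). If the preprocessor's GID never appears in the output, the problem is between the preprocessor and the unified2 output plugin and Barnyard2/MySQL are not yet involved; if it appears but is unmapped, the map file is what needs the extra line.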


