[Snort-devel] How to log dpx alerts/events using unified2, barnyard, mysql?
Zeeuw, L.V. de
l.v.de.zeeuw at ...3504...
Sat Nov 8 15:06:17 EST 2014
I should like to use DPX to develop my own preprocessor and find its alerts in a SNORT MySQL db.
I have SNORT and a DPX based preprocessor running. Snort is using the unified2 file format for logging. I use Barnyard2 and MySQL. This seems to work ok.
But I find the output from my DPX based preprocessor (using _dpd.logMsg (dpx.c)) only in /var/log/messages.
I do not understand how to use _dpd.alertAdd. What should be done so I will find the dpx alerts/events in my SNORT MySQL db?
How should Generator ID, Snort Rule ID, Revision number, Classification number, priority, message and rule info (I hope this is correct?) in _dpd.alertAdd(DPX GID, DPX SRC SID, 1, 0, 3, DPX SRC STR, 0) be used? What other files should be modified?
_dpd.alertAdd works in the test environment (using ./test.sh). It is logging
x 256 1 0
to the screen.
Any help is appreciated.
Luc de Zeeuw
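The two configuration pieces that sit between a preprocessor's _dpd.alertAdd call and a row in the Barnyard2 database are shown below as an added example; it is not part of the original post or of the DPX project. It assumes the preprocessor uses GID 256 and SID 1 (the values visible in the "x 256 1 0" test output) and that Barnyard2's map files live under /etc/snort/; adjust the paths and numbers to your installation.

```text
# --- snort.conf (added example, assumed paths) ---------------------------
# Preprocessor events are only queued when a rule for their GID:SID exists
# (or when Snort is told to generate such rules itself). Either uncomment the
# autogenerate option or keep an explicit rule in preprocessor.rules.
config autogenerate_preprocessor_decoder_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
include $PREPROC_RULE_PATH/preprocessor.rules
output unified2: filename snort.u2, limit 128

# --- /etc/snort/preproc_rules/preprocessor.rules (added example) ---------
# Explicit enable for the DPX event; gid/sid must match the _dpd.alertAdd
# arguments (GID 256, SID 1 assumed). rev and classtype are arbitrary here.
alert ( msg: "DPX source port match"; sid: 1; gid: 256; rev: 1; metadata: rule-type preproc; classtype: misc-activity; )

# --- /etc/snort/gen-msg.map (added example) -------------------------------
# Barnyard2 resolves GID || SID || text for preprocessor events from this
# file; without an entry the event is still inserted but carries no message.
256 || 1 || (dpx) source port match

# --- barnyard2.conf (added example, assumed paths) ------------------------
config gen_file: /etc/snort/gen-msg.map
config sid_file: /etc/snort/sid-msg.map
config classification_file: /etc/snort/classification.config
input unified2
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
```

After restarting Snort, a matching packet should produce an event record with generator 256 and signature 1 in the unified2 file; if the record never appears there, the problem is on the Snort side (missing preprocessor rule), not in Barnyard2 or MySQL.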