[Snort-users] barnyard alert_fast not compatible with snort -A fast?

Michael Scheidell scheidell at ...3799...
Wed May 1 07:47:33 EDT 2002

snort 1.8.6 sends a fast alert like this:  (snort -A fast -c

all on one line:
04/29-21:25:50.896957  \
[**] [1:1002:2] WEB-IIS cmd.exe access [**]\
[Classification: Web Application Attack] [Priority: 1] \
{TCP} ->
snort-> barnyard does this:
 one line each, a different order, AND appends a ------------ after entry )
programs that parse the fast.alert file have to fail
 am I missing some option in barnyard.conf?

04/29/02-21:47:47.760815  (TCP} ->
[**] [1:1113:1] WEB-MISC http directory traversal [**]
[Classification: Attempted Information Leak] [Priority: 2]
[Xref => http://www.whitehats.com/info/IDS297]

least we look at snort -A full, its even more different, and I can't see a
alert_full for barnyard.

Michael Scheidell
SECNAP Network Security, LLC
(561) 368-9561 scheidell at ...5171...

More information about the Snort-users mailing list