[Snort-users] AW: [Barnyard-users] NIDS newbie question

Poppi, Sandro Sandro.Poppi at ...3316...
Sun May 12 22:41:02 EDT 2002


Hi,

To me it seems you are using either an older version of snort or barnyard.
I'm using barnyard from cvs (Version 0.1.0-dev Build 7) and snort-current
(Version 1.8.7beta1 Build 113), with that config I do get the correct values
in ACID (although log_dump and alert_html seem not to work for me).

HTH,
Sandro
> 
> hi all!
> 
> i'm a newbie in NIDS, so sorry if this question has already been asked. i
> successfully installed snort together with barnyard.
> i am using the unified log output on snort and barnyard successfully
> converted it to readable format, however, the ip addresses on the alert
> logfile generated by barnyard were in reversed format. see below:
> ------------------------------------------------------------------------
> 05/10/02-10:54:26.660798  {ICMP} 11.0.168.192 -> 11.0.0.10
> [**] [1:376:4] ICMP PING Microsoft Windows [**]
> [Classification: Misc activity] [Priority: 3]
> [Xref => http://www.whitehats.com/info/IDS159]
> ------------------------------------------------------------------------
> 
> how do i force either snort or barnyard to log those ip addresses in
> correct format? i am also running a perl script (guardian) that collects
> ip addresses on the alert logfile for dynamic blocking of offending ip
> address on our firewall.
> any inputs or suggestions would be appreciated.
> 
> tia
> 
> concordio m. pajayat, jr.
> open source technology enthusiast
> pilipino internet, inc.
> conpaj at PILNET dot COM
> 
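A sanity check that could sit between the barnyard alert file and a blocking script such as guardian, added here as an example and not part of the original thread or of snort, barnyard or guardian. It flags alert lines whose addresses only make sense with the octets reversed, so that they are not passed to the firewall. The `HOME_NET` ranges, the function names and the second and third sample lines are assumptions.

```python
import ipaddress
import re

# Assumption: the sensor's protected ranges; the original post does not state them.
HOME_NET = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "10.0.0.0/8")]

# Matches the "{PROTO} src[:port] -> dst[:port]" part of an alert header line.
ADDR_RE = re.compile(
    r"\{\w+\}\s+(\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+(\d+\.\d+\.\d+\.\d+)(?::\d+)?")

def swap(addr):
    """Return the dotted quad with its four octets in reverse order."""
    return ".".join(reversed(addr.split(".")))

def in_home(addr):
    """True if addr is a valid IPv4 address inside HOME_NET."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in HOME_NET)

def check_line(line):
    """Return (status, src, dst) for an alert header line, or None.
    "ok":      at least one endpoint is in HOME_NET as written.
    "swapped": only the octet-reversed reading is; corrected pair returned.
    "unknown": neither reading touches HOME_NET.
    """
    m = ADDR_RE.search(line)
    if not m:
        return None
    src, dst = m.groups()
    if in_home(src) or in_home(dst):
        return ("ok", src, dst)
    if in_home(swap(src)) or in_home(swap(dst)):
        return ("swapped", swap(src), swap(dst))
    return ("unknown", src, dst)

def block_candidates(lines):
    """Sources safe to pass to a blocker: "ok" lines only, never HOME_NET hosts."""
    results = (check_line(l) for l in lines)
    return [r[1] for r in results if r and r[0] == "ok" and not in_home(r[1])]

SAMPLE = [  # first line is from the post; the other two are constructed
    "05/10/02-10:54:26.660798  {ICMP} 11.0.168.192 -> 11.0.0.10",
    "05/10/02-10:55:01.000000  {TCP} 203.0.113.5:4444 -> 192.168.0.11:80",
    "05/10/02-10:55:02.000000  {UDP} 203.0.113.9:53 -> 198.51.100.7:53",
]
```

The check is a heuristic: it relies on every genuine alert having at least one endpoint inside `HOME_NET`, so "unknown" lines should be held back rather than blocked.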



