[Snort-users] barnyard (Payload)

Alwin Raymundo alrayworld at ...131...
Tue Oct 15 05:38:03 EDT 2002


Hi Marty,

Sorry, I've been busy this week and I just opened my email.

In my snort.conf:
output alert_unified: filename snort.alert, limit 128

In barnyard.conf:
config hostname: snorthost
config interface: fxp0
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
output alert_fast
output log_dump
output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user usnort, password loghog

I'm new to barnyard. Thanks in advance for your help.

Your brother in snort

Alwin
--- Martin Roesch <roesch at ...1935...> wrote:
> Which unified output option are you guys using?
> 
>       -Marty
> 
> 
> On 10/1/02 8:57 AM, "Alwin Raymundo"
> <alrayworld at ...131...> wrote:
> 
> > Hi Ron,
> > 
> > Yep, to me the payload is very important, in my own
> > opinion. We know that somebody is trying to do some
> > nasty thing to our server, but how?
> > 
> > Without the payload it looks like I'm shooting in the
> > dark.
> > 
> > Thanks
> > 
> > 
> > --- Ron Shuck <rshuck at ...6736...> wrote:
> >> Hey Alwin,
> >> 
> >> I found the same results. I haven't heard if there
> >> are plans to include this, or if it should work and
> >> we just missed something.
> >> 
> >> 
> >> Ron Shuck, CISSP - Managing Consultant
> >> Buchanan Associates - A Technology Company in the People Business
> >> http://www.buchanan.com
> >> http://www.isc2.org
> >> 
> >> 
> >> ---original message---
> >> Date: Mon, 30 Sep 2002 11:36:39 -0700 (PDT)
> >> From: Alwin Raymundo <alrayworld at ...131...>
> >> To: user snort <snort-users at lists.sourceforge.net>
> >> Subject: [Snort-users] barnyard (Payload)
> >> 
> >> Hi Everybody,
> >> 
> >> I don't know if this was already posted in a previous
> >> discussion, and this morning I just set up barnyard.
> >> I like it because it is fast to log all packets in my
> >> mysql and acid, but I noticed there is no payload.
> >> 
> >> Is this normal? Is there another way to get the
> >> payload?
> >> 
> >> Any help would be appreciated.
> >> 
> >> Thanks in advance.
> >> 
> > =====
> > Alwin Raymundo
> > 
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > 
> > 
> 
> -- 
> Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
> Sourcefire: Professional Snort Sensor and Management Console appliances
> roesch at ...1935... - http://www.sourcefire.com
> Snort: Open Source Network IDS - http://www.snort.org


=====
Alwin Raymundo
