[Snort-users] Snort and Barnyard question about syslog output.

Bamm Visscher bamm at ...539...
Thu May 6 13:45:05 EDT 2004


Make sure you use a sid and rev in your rule and then update the sid-msg.map. Unified output doesn't store the alert message; instead it stores the sid/rev and barnyard maps this back.

Bammkkkk

On Thu, May 06, 2004 at 03:27:22PM -0500, Timothy W Morrison wrote:
> Hello All,
> I am currently trying to use Snort and Barnyard to generate some real time 
> alerts. I am currently using barnyard with the alert_syslog option. I am 
> then using Syslog-ng to push this data to another server. The alerts get 
> to my logging server fine, and are in the following format:
> 
> May  6 15:22:04 localhost barnyard: [1:0:0] Snort Alert [1:0:0] 
> [Classification: Misc activity] [Priority: 3] {TCP} 
> 
> I am using some generic rules that I have created for these alerts to be 
> generated. I am wondering what I have to do to modify these rules so the 
> signature/rule name is in the alert instead of "Snort Alert" or if I 
> should use the alert_syslog2 in the barnyard configuration file.
> 
> Tim Morrison
> Enterprise Support Services Coop - Department K6LA
> 507-253-4495 T/L: 553-4495
> 3605 Highway 52 North, Rochester,MN
> morriswt at ...2135...
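
The sid/rev round trip described above, as an added example that is not part of either post: it extracts msg, sid and rev from a pair of constructed Snort rules, emits sid-msg.map entries in the "sid || msg" form barnyard reads, and then resolves a [gen:sid:rev] triple the way barnyard does, falling back to the generic "Snort Alert [1:0:0]" string when the rule carried no sid. The sample rules, the option regex and the fallback string are assumptions made for the example.

```python
import re

# Constructed sample rules (not from the original post). The first carries
# sid/rev and will resolve by name; the second has no sid, so unified output
# records 0:0 for it and barnyard can only print the generic message.
RULES = """
alert tcp any any -> any 80 (msg:"LOCAL HTTP probe"; content:"GET"; sid:1000001; rev:2; classtype:misc-activity;)
alert tcp any any -> any 22 (msg:"LOCAL SSH touch"; flags:S; classtype:misc-activity;)
"""

# key:value; pairs inside the rule body; quoted values may contain escaped quotes.
OPTION_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*);')


def parse_rule(line):
    """Return the rule's options (msg, sid, rev, ...) as a dict, or None if no body."""
    body = re.search(r'\((.*)\)\s*$', line)
    if not body:
        return None
    return {key: val.strip('"') for key, val in OPTION_RE.findall(body.group(1))}


def build_sid_msg_map(rules_text):
    """Emit 'sid || msg' lines for every rule that has a sid (the format barnyard loads)."""
    entries = []
    for raw in rules_text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith('#'):
            continue
        opts = parse_rule(raw)
        if opts is None or 'sid' not in opts:
            continue  # no sid: unified stores 0, so there is nothing to map
        entries.append(f"{opts['sid']} || {opts['msg']}")
    return entries


def load_sid_msg_map(lines):
    """Parse sid-msg.map lines ('sid || msg || ref ...') into {sid: msg}."""
    mapping = {}
    for line in lines:
        parts = [p.strip() for p in line.split('||')]
        if len(parts) >= 2 and parts[0].isdigit():
            mapping[int(parts[0])] = parts[1]
    return mapping


def alert_message(gen, sid, rev, mapping):
    """Mimic barnyard's lookup: generator 1 with a mapped sid gives the rule msg,
    anything else falls back to the generic 'Snort Alert [gen:sid:rev]' string
    (assumed fallback wording, modelled on the syslog line in the post)."""
    if gen == 1 and sid in mapping:
        return mapping[sid]
    return f"Snort Alert [{gen}:{sid}:{rev}]"


if __name__ == "__main__":
    sid_map = load_sid_msg_map(build_sid_msg_map(RULES))
    print(alert_message(1, 1000001, 2, sid_map))  # rule with sid/rev
    print(alert_message(1, 0, 0, sid_map))        # rule without sid
```

Run it against your own rules file instead of RULES to see which rules would still log as "Snort Alert": every rule the map skips is one that needs a sid (and rev) added before barnyard can name it.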
