[Snort-users] Barnyard 0.2.0 Patch

Colin Grady colin.grady at ...11827...
Sat Jun 4 14:46:50 EDT 2005


I've written a patch for Barnyard 0.2.0 that fixes some issues with
the op_sguil and op_acid_db output plugins. The patch allows the Sguil
output plugin to properly log the signature revision numbers and the
signature generator ID. Prior to this patch, the signature generator
ID and revision numbers were always defaulted to 0. The signature
generator ID was never passed in the event INSERT statement,
defaulting it to 0 in the database. The signature revision number was
not properly set in the Sid structure because it populated the
structure based on the sid-msg.map, which doesn't include the revision
information. To fix that, the OpSguil_Log function now populates the
Sid->rev value from the UnifiedLogRecord information. The same thing
goes for the Alert and Log functions in op_acid_db.

The patch is available here:
http://pr00f.org/barnyard-0.2.0-cmg.patch

Enjoy,
Colin Grady



