[Snort-users] Base Barnyard and Unified Logs

Wes Young wcyoung at ...12754...
Mon Mar 14 13:06:45 EST 2005


I thought barnyard uses the sid-msg.map to read the sid and then inserts
the sig details to the DB, no? I don't specify the sid-msg.map anywhere
else, hence why Aanval works perfectly, but base does not.

There must be a slight problem with the way base looks up sig info and a
slight problem how barnyard stores it.

Michael Scheidell wrote:
| The issue is barnyard.
|
| Barnyard only stores the sid, and THEN, reads sid-msg.map for signature
| description.
|
|

--
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html