[Snort-users] Base Barnyard and Unified Logs

Wes Young wcyoung at ...12754...
Mon Mar 14 13:20:17 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ah ha....

Barnyard only inserts the SIG NAME if it doesnt exist in the snort table
already, not based on msg map readin. So, if you start base on a 'not so
fresh' start of barnyard, you'll get all the snort data, but if you F'd
your sig table, it won't add it without a manual script, that reads the
sigmap in and then inserts it... might be a nice addition to either
project... might take up space... but not that much...

eof

Wes Young wrote:
| I thought barnyard uses the sid-msg.map to read the sid and then inserts
| ~ the sig details to the DB, no? I don't specify the sid-msg.map anywhere
| else, hense why Aanval works perfectly, but base, does not.
|
| There must be a slight problem with the way base looks up sig info and a
| slight problem how barnyard stores it.
|
| Michael Scheidell wrote:
| | The issues is barnyard.
| |
| | Barnyard only stores the sid, and THEN, reads sid-msg.map for signature
| | description.
| |
| |
|

- -------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



- --
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCNf/r1M5o0FsrrbERApgFAJ9qWU0aqCiggDQIBkNtr86x4/WeMgCgnOAI
GYAlhbFA857IGSRBLn4Qmdw=
=za3C
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list