[Snort-users] Base Barnyard and Unified Logs

Wes Young wcyoung at ...12754...
Mon Mar 14 13:20:17 EST 2005


Ah ha....

Barnyard only inserts the SIG NAME if it doesn't exist in the snort table
already, not based on msg map read-in. So, if you start base on a 'not so
fresh' start of barnyard, you'll get all the snort data, but if you F'd
your sig table, it won't add it without a manual script that reads the
sigmap in and then inserts it... might be a nice addition to either
project... might take up space... but not that much...


Wes Young wrote:
| I thought barnyard uses the sid-msg.map to read the sid and then inserts
| the sig details to the DB, no? I don't specify the sid-msg.map anywhere
| else, hence why Aanval works perfectly, but base does not.
| There must be a slight problem with the way base looks up sig info and a
| slight problem how barnyard stores it.
| Michael Scheidell wrote:
| | The issue is barnyard.
| |
| | Barnyard only stores the sid, and THEN, reads sid-msg.map for signature
| | description.
| |
| |


--
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
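The "manual script" Wes describes above, as an added example that is not part of the original post and not code from barnyard or BASE: it parses a sid-msg.map and inserts a row only for sids that are not already present in the signature table, which is the insert-if-absent behaviour the thread attributes to barnyard. The table columns (sig_sid, sig_gid, sig_rev, sig_name) are an assumption modelled on the classic ACID/BASE schema, the in-memory SQLite database stands in for the real snort database, and the map contents are constructed for the demo.

```python
"""Fill gaps in a Snort/BASE signature table from sid-msg.map.

Added example; the schema below is an assumption modelled on the ACID/BASE
'signature' table, not a copy of it. Point it at your own database only after
checking the column names match.
"""
import sqlite3

# Constructed sample sid-msg.map contents (v1 layout: sid || msg || ref || ref).
SID_MSG_MAP = """\
# comment lines and blank lines are ignored
1000001 || LOCAL example alert one || url,example.invalid/one
1000002 || LOCAL example alert two
1000003 || LOCAL example alert three || cve,0000-0000 || bugtraq,0
"""


def parse_sid_msg_map(text):
    """Return {sid: (msg, [refs])} parsed from sid-msg.map text.

    Fields are separated by '||'; anything after the message is a reference.
    Malformed lines (no sid, no message) are skipped rather than aborting.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            continue
        entries[int(fields[0])] = (fields[1], fields[2:])
    return entries


def open_db():
    """Create an in-memory stand-in for the snort database (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """
        CREATE TABLE signature (
            sig_id   INTEGER PRIMARY KEY AUTOINCREMENT,
            sig_name TEXT    NOT NULL,
            sig_sid  INTEGER,
            sig_gid  INTEGER DEFAULT 1,
            sig_rev  INTEGER DEFAULT 0
        )
        """
    )
    return conn


def sync_signatures(conn, entries, gid=1):
    """Insert a signature row for every sid in the map that the table lacks.

    Existing rows are never updated, so a name already stored by barnyard
    (or edited by hand) is not clobbered. Returns the list of inserted sids.
    """
    inserted = []
    for sid, (msg, _refs) in sorted(entries.items()):
        present = conn.execute(
            "SELECT 1 FROM signature WHERE sig_sid = ? AND sig_gid = ?", (sid, gid)
        ).fetchone()
        if present is None:
            conn.execute(
                "INSERT INTO signature (sig_name, sig_sid, sig_gid) VALUES (?, ?, ?)",
                (msg, sid, gid),
            )
            inserted.append(sid)
    conn.commit()
    return inserted


def run_demo():
    """Simulate a table barnyard populated before the map was complete."""
    conn = open_db()
    # One sid already stored by a 'not so fresh' barnyard run.
    conn.execute(
        "INSERT INTO signature (sig_name, sig_sid, sig_gid) VALUES (?, ?, ?)",
        ("LOCAL example alert one", 1000001, 1),
    )
    entries = parse_sid_msg_map(SID_MSG_MAP)
    inserted = sync_signatures(conn, entries)
    total = conn.execute("SELECT COUNT(*) FROM signature").fetchone()[0]
    return inserted, total


if __name__ == "__main__":
    print(run_demo())  # ([1000002, 1000003], 3)
```

Running the sync twice is safe: the second pass finds every sid present and inserts nothing, which is the property you want from a script that may be cron'd alongside barnyard.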

