[Snort-users] Base Barnyard and Unified Logs

Paul Schmehl pauls at ...6838...
Mon Mar 14 14:26:13 EST 2005


--On Monday, March 14, 2005 04:05:36 PM -0500 Wes Young 
<wcyoung at ...12754...> wrote:
>
> I thought barnyard uses the sid-msg.map to read the sid and then inserts
> the sig details to the DB, no? I don't specify the sid-msg.map anywhere
> else, hence why Aanval works perfectly, but base does not.
>
You *do* have to tell barnyard where the sid-msg.map is.  Otherwise it will 
not be able to parse the sids to msgs.

You do it one of two ways:

In the config file:
config sid-msg-map: /path/to/sid-msg.map

On the commandline:
barnyard -s /path/to/sid-msg.map

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
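
An added example, not part of the original post and not barnyard's own code: a small parser for the `sid || msg || reference ...` line layout used by sid-msg.map, showing which alert SIDs can be resolved to a message and which cannot. The sample entries, SIDs and function names are constructed for illustration.

```python
"""Parse a Snort sid-msg.map and resolve alert SIDs to messages."""

# Constructed sample in the sid-msg.map layout: "sid || msg || ref || ref ..."
SAMPLE_MAP = """\
# constructed sample entries, not from a real ruleset
1000001 || LOCAL constructed test rule one || url,example.com/one
1000002 || LOCAL constructed test rule two
this line is malformed and is skipped
1000003 || LOCAL constructed test rule three || url,example.com/a || url,example.com/b
"""


def parse_sid_msg_map(text):
    """Return {sid: (msg, [refs])}, ignoring blanks, comments and bad lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        # A usable entry needs a numeric sid and a non-empty message.
        if len(fields) < 2 or not fields[0].isdigit() or not fields[1]:
            continue
        entries[int(fields[0])] = (fields[1], fields[2:])
    return entries


def resolve(sids, entries):
    """Split SIDs into those with a message and those the map cannot name."""
    named = {s: entries[s][0] for s in sids if s in entries}
    unnamed = [s for s in sids if s not in entries]
    return named, unnamed


if __name__ == "__main__":
    table = parse_sid_msg_map(SAMPLE_MAP)
    # 1999999 is a constructed SID with no entry in the sample map.
    named, unnamed = resolve([1000001, 1000002, 1999999], table)
    for sid, msg in named.items():
        print(f"{sid}: {msg}")
    print("no sid-msg.map entry for:", unnamed)
```
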