[Snort-users] Serious Snort Bug Could Lead To Next Slammer

Scott Dexter scott.dexter at ...11827...
Thu Oct 20 07:49:31 EDT 2005


I guess actually checking with the people who make the software was
too much to ask. Who else can we speak with? Why, someone with a
competing product; surely they will be objective about this. Beyond
that sounds like too much work, yes?

Scott

On 10/20/05, Michael Steele <michaels at ...9077...> wrote:
> I found this:
>
> http://www.crn.com/sections/breakingnews/dailyarchives.jhtml?articleId=172302520
>
> No mention on Snort.org or in the list.
>
> Kindest regards,
> Michael...
>
> WINSNORT.com Management Team Member
> --
> Pick up your FREE Windows or UNIX Snort installation guides
> mailto:support at ...9077...
> Website: http://www.winsnort.com
> Snort: Open Source Network IDS - http://www.snort.org
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Igor Belikov
> Sent: Thursday, October 20, 2005 12:18 AM
> To: snort-users at lists.sourceforge.net
> Subject: Re[2]: [Snort-users] need help configuring snort + barnyard
>
> Hello Chris,
>
> Wednesday, October 19, 2005, 7:31:05 PM, you wrote:
>
> CE> |   I configured snort to write both alert and log files in unified
> CE> |   format. But I can't configure barnyard properly to store in DB
> CE> |   detailed info about alerts.
> CE> |
> CE> |   Barnyard "watches" alert files and stores info about alerts, but I
> CE> |   also need to store the whole packets that caused the alert.
>
> CE> It seems you don't need to have snort write both unified files.  All the
> CE> required info seems to be in the unified "log" file, so this is what you
> CE> want barnyard to read.  It's not at all clear to us what info is in the
> CE> unified "alert" file that's not *also* in the unified "log" file.  So we
> CE> don't write a unified "alert" file at all.
>
> It sounds good, but I still can't configure snort + barnyard.
>
> Last configs:
>
>   - snort:
>
> output log_unified: filename snort.log, limit 128
>
>   - barnyard:
>
> output log_acid_db: mysql, sensor_id 1, database snort, server x.x.x.x, user xxxxx, password xxxxx, detail full
>
> In /log directory I see "snort.log.<timestamp>", "barnyard.waldo"
> (with correct link to snort.log) and "alert" (with alerts produced by
> snort).
>
> Watching log files I see that barnyard works (link in waldo file
> follows growing snort.log), but I don't get any new alerts in DB.
>
> Using previous variant of configs (using unified alert) barnyard put
> all alerts in DB.
>
> Please point out where I am making a mistake.
>
> --
> Best regards,
>  Igor                            mailto:ivb at ...13431...
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>


--
Scott Dexter
The beginning of knowledge is the discovery of something we do not understand.
    -Frank Herbert



