[Snort-users] How Can I display the rule name instead of the ID with ACID?

Nigel Houghton nigel at ...1935...
Tue May 13 08:01:42 EDT 2008


On 5/13/08 5:11 AM, "Berta Alcala" <berta83 at ...11827...> wrote:

> Thank you very much for your reply.
> As Matt says, what I really want is how to display the signature description
> in the "sig_name" field instead of the signature ID.
> I don't use barnyard, nor BASE. So the first thing I'm going to do is
> install BASE. Do I need to use barnyard?
> 
> Regards,
> Berta
> 
> 2008/5/12 Joel Esler <joel.esler at ...3027...>:
>> So, if by displaying just the sig-id in the signature field, instead
>> of the name of the signature, this leads me to believe that you are
>> using barnyard to read unified files and output their contents into
>> the db.
>> 
>> What the problem is, is not a problem with base, acid, or even Snort.
>> It's a misconfiguration in Barnyard.  You don't have your barnyard
>> reading your correct sid-msg.map file.

Make sure you have a correctly generated sid-msg.map and that it is readable
by the database user. If you use oinkmaster there is a script in the contrib
section that will build it for you.

--
Nigel Houghton
Resident Hooligan
SF VRT
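
A check for the situation described in the reply above, as an added example that is not part of the original post and is not the oinkmaster contrib script: it derives `sid || msg || reference` entries from rule text and lists the SIDs an existing sid-msg.map lacks. The rules, map content and function names are constructed for illustration, and mapping commented-out rules as well is a choice made here.

```python
import re

# Constructed sample rules and map content (not from the original thread).
SAMPLE_RULES = r'''
# local test rules
alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; content:"/probe"; reference:url,example.com/a; sid:1000001; rev:1;)
# alert tcp any any -> any 21 (msg:"EXAMPLE disabled ftp rule"; sid:1000002; rev:2;)
alert udp any any -> any 53 (msg:"EXAMPLE dns lookup"; sid:1000003; rev:1;)
'''
SAMPLE_MAP = "1000001 || EXAMPLE web probe || url,example.com/a\n"

# Active or commented-out rule lines: action, header, then (options).
RULE_RE = re.compile(r'^\s*#?\s*(?:alert|log|pass|drop|reject|sdrop)\s.*\(.*\)\s*$')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"\s*;')  # tolerates \" in msg
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+);')

def build_sid_map(rules_text):
    """Return {sid: 'sid || msg || ref ...'} for every rule with msg and sid."""
    entries = {}
    for line in rules_text.splitlines():
        if not RULE_RE.match(line):
            continue
        msg, sid = MSG_RE.search(line), SID_RE.search(line)
        if not (msg and sid):
            continue
        refs = [r.strip() for r in REF_RE.findall(line)]
        entries[int(sid.group(1))] = " || ".join([sid.group(1), msg.group(1)] + refs)
    return entries

def parse_sid_map(map_text):
    """Return {sid: msg} from existing sid-msg.map content."""
    found = {}
    for line in map_text.splitlines():
        fields = [f.strip() for f in line.split("||")]
        if len(fields) >= 2 and fields[0].isdigit():
            found[int(fields[0])] = fields[1]
    return found

def missing_sids(rules_text, map_text):
    """SIDs present in the rules but absent from the map (shown as bare IDs)."""
    have = parse_sid_map(map_text)
    return sorted(s for s in build_sid_map(rules_text) if s not in have)

if __name__ == "__main__":
    for sid in missing_sids(SAMPLE_RULES, SAMPLE_MAP):
        print(build_sid_map(SAMPLE_RULES)[sid])  # lines to add to the map
```
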




