[Snort-users] snort_inline + barnyard2 + base
ferrao04 at ...11827...
Thu Apr 29 15:56:18 EDT 2010
I have a FreeBSD 7.2-stable system.
I have installed snort-188.8.131.52 with enable-inline and enable-ipfw and I have
Snort and barnyard2 initialize successfully. Snort records alerts in
snort.u2 (binary alerts) and barnyard2 forwards the alerts to the database.
output unified2: filename snort.u2, limit 128
output database: log, mysql, user=snort password=xxxxx dbname=snort_bd
My problem is: in BASE I only see portscan preprocessor alerts (portscan:
TCP Portscan, portscan: TCP Decoy Portscan, portscan: TCP Distributed
Portscan, etc.).
When I initialize snort forwarding the alerts to the database instead of
recording them in snort.u2 (binary format), I see ALL alerts in BASE. I don't understand!
This problem is only happening when I initialize snort_inline (IPS) +
barnyard2. When I initialize snort (IDS) + barnyard2, I see ALL alerts in
Can somebody help me?
"And you will know the truth, and the truth will set you free". John 8.32
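
Added example, not part of the original post: a small unified2 reader that counts the events in snort.u2 per generator ID, which shows whether the missing rule alerts were never written by snort or were written and then not forwarded by barnyard2. It assumes the standard unified2 layout (8-byte big-endian type/length record header, event body starting with nine 32-bit fields) and that generator ID 122 is the portscan preprocessor and 1 is text rules; the sample data is constructed.

```python
import struct
import sys
from collections import Counter

# Unified2 record types whose body starts with the common event header
# (IPv4, IPv6 and their VLAN variants); type 2 is a logged packet.
EVENT_TYPES = {7, 72, 104, 105}
PACKET_TYPE = 2
# sensor_id, event_id, event_second, event_microsecond, signature_id,
# generator_id, signature_revision, classification_id, priority_id
EVENT_HEAD = struct.Struct(">9I")

def iter_records(data):
    """Yield (record_type, body); stop cleanly on a truncated last record."""
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from(">II", data, off)
        body = data[off + 8 : off + 8 + rlen]
        if len(body) < rlen:
            break  # spool file still being written, or cut short
        yield rtype, body
        off += 8 + rlen

def summarize(data):
    """Return (Counter of events per generator ID, number of packet records)."""
    per_gid, packets = Counter(), 0
    for rtype, body in iter_records(data):
        if rtype == PACKET_TYPE:
            packets += 1
        elif rtype in EVENT_TYPES and len(body) >= EVENT_HEAD.size:
            per_gid[EVENT_HEAD.unpack_from(body)[5]] += 1
    return per_gid, packets

def _event(gid, sid):
    """Build one constructed IPv4 event record (addresses/ports zeroed)."""
    body = struct.pack(">9I", 1, 1, 0, 0, sid, gid, 1, 0, 2) + bytes(16)
    return struct.pack(">II", 7, len(body)) + body

# Constructed sample: two portscan events, one rule event, one packet
# record, and a truncated trailing record.
SAMPLE = (_event(122, 1) + _event(122, 2) + _event(1, 1000001)
          + struct.pack(">II", PACKET_TYPE, 4) + bytes(4)
          + struct.pack(">II", 7, 52) + bytes(10))

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    per_gid, packets = summarize(data)
    for gid, count in sorted(per_gid.items()):
        print(f"generator {gid}: {count} events")
    print(f"packet records: {packets}")
```

If the spool file contains only generator 122, the rule alerts are not reaching the unified2 output at all; if generator 1 events are present, the loss is between barnyard2 and the database.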