[Snort-users] Logging MAC address with snort, barnyard2 & MySQL

Guillaume Blanc guillaume.b.blanc at ...11827...
Fri Aug 20 10:11:00 EDT 2010


Hello everyone,

I’m actually trying to get the MAC address of the IP showed in snort alert,
but when I download the pcap packet from BASE the only mac address that i’ve
got are 11:22:33:44:55:66 and de:ad:ca:fe:ba:be (dead:cafe:babe)…

I’ve searched around and found the option -e to activate in snort. But no
more result. I also use barnyard2 and i tried to activate the same option.

I’ve found this post who was really interesting
"
http://www.infosecramblings.com/2008/12/02/snort-base-mysql-and-a-deadcafebabe/
"

And in the comment someone said it was possible with barnyard2 apparently.
Do you have any clue on i can have those MAC addresses ?

Thank You
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100820/e81ccdab/attachment.html>


More information about the Snort-users mailing list