[Snort-users] barnyard2 1.9 no ip

Oleg V Popov admin at ...15619...
Fri May 4 10:22:47 EDT 2012


Good day. Recently, I started using barnyard2 1.9 with snort 2.9.9.2.
Barnyard2 produces output for portscan without an IP address.

#----------------------------------------------------

Example:

Snort syslog:

May  4 11:55:42 gw snort[16283]: [122:1:1] PSNG_TCP_PORTSCAN [Classification: Attempted Information Leak] [Priority: 2] {PROTO:255} 192.168.x.x -> 192.168.x.x


Barnyard2 syslog:


May  4 11:55:43 gw snort[7095]: portscan: TCP Portscan

#----------------------------------------------------

Additional info:

Snort conf: 

output unified2: filename snort.log, limit 128
preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { low }

#----------------------------------------------------