[Snort-users] barnyard2 1.9 no ip

Joel Esler jesler at ...1935...
Mon May 14 08:37:55 EDT 2012


I suggest the barnyard2 users list.

http://groups.google.com/group/barnyard2-users/topics


On May 14, 2012, at 3:52 AM, Oleg V Popov wrote:

> No, I wrote to the developer and to other places, but got no response.
> 
> Yossi wrote on 13.5.2012 18:04:
>> Hi Oleg,
>> 
>> Did you resolve it? I've got the same problem. I am also trying to use Snort
>> 2.9.9.2 with barnyard2 1.9 and a MySQL DB.
>> 
>> 
>> 
>> On 05/04/2012 05:22 PM, Oleg V Popov wrote:
>>> Good day. Recently, I started using
>>> Barnyard2 produces output for portscan without an IP address.
>>> 
>>> #----------------------------------------------------
>>> 
>>> Example:
>>> 
>>> Snort syslog:
>>> 
>>> May  4 11:55:42 gw snort[16283]: [122:1:1] PSNG_TCP_PORTSCAN [Classification: Attempted Information Leak] [Priority: 2] {PROTO:255} 192.168.x.x ->  192.168.x.x
>>> 
>>> 
>>> Barnyard2 syslog:
>>> 
>>> 
>>> May  4 11:55:43 gw snort[7095]: portscan: TCP Portscan
>>> 
>>> #----------------------------------------------------
>>> 
>>> Additional info:
>>> 
>>> Snort conf:
>>> 
>>> output unified2: filename snort.log, limit 128
>>> preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { low }
>>> 
>>> #----------------------------------------------------
>>> 
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>> 
>>> Please visit http://blog.snort.org to stay current on all the latest 
>>> Snort news!
> 




