[Snort-users] Snort is not able to forward report to Base.

Ayodele Okeowo aymacro at ...11827...
Fri Jan 3 11:42:55 EST 2014


Waldo is right. You will need to build the sid-msg.map; however, I've never
done that for any Windows Snort installation, but you should try to follow
his specific steps doing that.

Also I'm not at home at the moment but I should be able to help research
how to build that.

Ayo


On Fri, Jan 3, 2014 at 10:50 AM, Stephen Fernandis [IT Shared Services –
Hub] <fernans at ...16617...> wrote:

> Hi Waldo,
>
> As per Winids installation url
> http://winsnort.com/index.php?module=Pages&func=display&pageid=40. That
> activator file is required in barnyard2 testing. So if you can help to get
> that file.
>
> Kind Regards,
>
> Stephen Fernandis
> Network & Security Domain, Information Technology |MTN-HUB
> Cell + 256 785373903 Desk +256 312125995 |email : fernans at ...16617...
>
> I do not know anyone who has got to the top without hard work. That is the
> recipe. It will not always get you to the top, but should get you pretty
> near- In memory of Margaret Thatcher
>
> -----Original Message-----
> From: waldo kitty [mailto:wkitty42 at ...14940...]
> Sent: Friday, January 03, 2014 6:15 PM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort is not able to forward report to Base.
>
> On 1/3/2014 9:35 AM, Stephen Fernandis [IT Shared Services – Hub] wrote:
> > Hi Ayodele,
> >
> > Thanks for your assist,
> >
> > 1) is logging to MySQL via barnyard2
> >
> > Ans: Yes, I logged the MySQL via barnyard2, but as per the below URL of
> > the Windows Snort installation I ignored this step, as mentioned in the
> > screenshot.
>
> that doesn't sound like a good thing to do...
>
> > Because I didn't get the activators and 'sid-msg.map' file on the Snort
> > site and Google. Please let me know due to that reason I am facing the
> > issue of forwarding generated logs to Base.
>
> you have to build the sid-msg.map file... that's what the second tool
> (create-sidmap) unzipped in that snapshot was for... i don't know how to
> tell you to execute it, though...
>
> i don't have any idea about those activators because i do not run critical
> packages on winwhatever...
>
> --
> NOTE: No off-list assistance is given without prior approval.
>        Please keep mailing list traffic on the list unless
>        private contact is specifically requested and granted.
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
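What building a sid-msg.map involves, as an added example that is not part of the thread and is not the create-sidmap tool mentioned above: each output line has the form `sid || msg || reference`, taken from the `sid`, `msg` and `reference` options of every rule. The function name `build_sid_map` and the sample rules are constructed for illustration; real input would be the contents of the `.rules` files Snort loads.

```python
import re

# Constructed sample rules for this example (not taken from the thread).
SAMPLE_RULES = r'''
# alert tcp any any -> any 80 (msg:"LOCAL disabled web rule"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL SSH attempt"; flow:to_server; \
    reference:url,example.com/ssh; classtype:misc-activity; sid:1000002; rev:3;)
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo\; request"; itype:8; sid:1000003; rev:1;)
# A plain comment that mentions alert rules but is not one
'''

# A rule line, optionally commented out (disabled rules are mapped too in this example).
RULE_RE = re.compile(r'^\s*#*\s*(?:alert|log|pass|drop|reject|sdrop)\s.+\(.*\)\s*$')
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+);')


def build_sid_map(rule_text):
    """Return sid-msg.map lines of the form 'sid || msg || ref || ref', sorted by sid."""
    # Join rules that continue over several lines with a trailing backslash.
    joined = re.sub(r'\\\r?\n', ' ', rule_text)
    entries = {}
    for line in joined.splitlines():
        if not RULE_RE.match(line):
            continue
        options = line[line.index('(') + 1:]
        # Blank out quoted strings so text inside msg/content cannot pass for sid/reference.
        unquoted = QUOTED_RE.sub('""', options)
        sid, msg = SID_RE.search(unquoted), MSG_RE.search(options)
        if not sid or not msg:
            continue  # an entry needs both fields
        text = re.sub(r'\\(.)', r'\1', msg.group(1))  # drop rule escaping such as \;
        refs = [r.strip() for r in REF_RE.findall(unquoted)]
        # First definition wins if the same sid appears twice.
        entries.setdefault(int(sid.group(1)), ' || '.join([sid.group(1), text] + refs))
    return [entries[key] for key in sorted(entries)]


if __name__ == '__main__':
    # Redirect this output to the sid-msg.map file your barnyard2 configuration points at.
    print('\n'.join(build_sid_map(SAMPLE_RULES)))
```

Without a matching entry for a rule's sid, the output side has only the numeric id and no message text to attach to the alert it stores.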