[Snort-users] Load alerts read from file to database

Al Lewis (allewi) allewi at ...589...
Sat Feb 4 18:10:45 EST 2017


Are the alert files in unified2 format?

You may want to look here for some more info on barnyard.

https://github.com/firnsy/barnyard2


https://github.com/firnsy/barnyard2/tree/master/doc



Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...
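
Al's first question is the one to settle before touching barnyard2 configuration: barnyard2 reads Snort's unified2 binary spool files, not the text produced by the alert_fast or alert_full output plugins, and a file that is not unified2 will never yield database rows. The Python script below is added here as an example; it is not part of the original thread or of the barnyard2 project. It walks a file record by record using the (type, length) header and record-type constants of Snort's unified2 format, counts the record types it finds, and decodes the legacy IPv4 IDS event record (type 7) into gid:sid:rev and the 5-tuple. The sample bytes are constructed inline for the demonstration (including a fake alert_fast line for contrast); pass a real spool file path on the command line to check your own output.

```python
import struct

# Record type constants from Snort's Unified2_common.h.
RECORD_TYPES = {
    2: "UNIFIED2_PACKET",
    7: "UNIFIED2_IDS_EVENT",
    72: "UNIFIED2_IDS_EVENT_IPV6",
    99: "UNIFIED2_IDS_EVENT_MPLS",
    100: "UNIFIED2_IDS_EVENT_IPV6_MPLS",
    104: "UNIFIED2_IDS_EVENT_VLAN",
    105: "UNIFIED2_IDS_EVENT_IPV6_VLAN",
    110: "UNIFIED2_EXTRA_DATA",
}

# Every unified2 record starts with a big-endian (type, length) header.
RECORD_HEADER = struct.Struct("!II")
# Legacy IPv4 IDS event (type 7): nine 32-bit fields, src/dst IPv4, two ports, four flag bytes.
IDS_EVENT = struct.Struct("!9I4s4sHHBBBB")


def iter_records(data):
    """Yield (type, payload) per record; raise ValueError on anything that is not unified2."""
    offset = 0
    while offset < len(data):
        if len(data) - offset < RECORD_HEADER.size:
            raise ValueError("truncated record header at offset %d" % offset)
        rtype, rlen = RECORD_HEADER.unpack_from(data, offset)
        if rtype not in RECORD_TYPES:
            raise ValueError("unknown record type %d at offset %d" % (rtype, offset))
        offset += RECORD_HEADER.size
        if rlen > len(data) - offset:
            raise ValueError("record at offset %d claims %d bytes, only %d left"
                             % (offset - RECORD_HEADER.size, rlen, len(data) - offset))
        yield rtype, data[offset:offset + rlen]
        offset += rlen


def parse_ids_event(payload):
    """Decode a UNIFIED2_IDS_EVENT payload into the fields barnyard2 would store."""
    if len(payload) != IDS_EVENT.size:
        raise ValueError("IDS event payload is %d bytes, expected %d" % (len(payload), IDS_EVENT.size))
    (sensor_id, event_id, event_second, event_usec, sid, gid, rev,
     class_id, priority, src, dst, sport, dport, proto,
     impact_flag, impact, blocked) = IDS_EVENT.unpack(payload)
    return {
        "sensor_id": sensor_id, "event_id": event_id,
        "timestamp": event_second + event_usec / 1e6,
        "rule": "%d:%d:%d" % (gid, sid, rev),
        "classification": class_id, "priority": priority,
        "src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
        "sport": sport, "dport": dport, "proto": proto, "blocked": blocked,
    }


def summarize(data):
    """Count records by type; a healthy spool file shows IDS_EVENT records paired with PACKET records."""
    counts = {}
    for rtype, _ in iter_records(data):
        name = RECORD_TYPES[rtype]
        counts[name] = counts.get(name, 0) + 1
    return counts


def looks_like_unified2(data):
    """True only if every byte of data parses as a sequence of known unified2 records."""
    try:
        return bool(summarize(data))
    except ValueError:
        return False


def _record(rtype, payload):
    return RECORD_HEADER.pack(rtype, len(payload)) + payload


# Constructed sample (not captured from a real sensor): one IPv4 IDS event for rule 1:1000001:3,
# 10.0.0.5:40000 -> 192.168.1.10:80/tcp, followed by the packet record Snort writes alongside it.
SAMPLE_EVENT = IDS_EVENT.pack(1, 7, 1486198800, 123456, 1000001, 1, 3, 33, 2,
                              bytes([10, 0, 0, 5]), bytes([192, 168, 1, 10]),
                              40000, 80, 6, 0, 0, 0)
SAMPLE_PACKET = struct.pack("!7I", 1, 7, 1486198800, 1486198800, 123456, 1, 4) + b"\xde\xad\xbe\xef"
SAMPLE_UNIFIED2 = _record(7, SAMPLE_EVENT) + _record(2, SAMPLE_PACKET)

# Constructed alert_fast-style text line for contrast: barnyard2 cannot spool this.
SAMPLE_ALERT_FAST = (b"02/04-01:05:00.000000  [**] [1:1000001:3] test rule [**] "
                     b"[Priority: 2] {TCP} 10.0.0.5:40000 -> 192.168.1.10:80\n")

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_UNIFIED2
    print("unified2:", looks_like_unified2(data))
    if looks_like_unified2(data):
        print(summarize(data))
        for rtype, payload in iter_records(data):
            if rtype == 7:
                print(parse_ids_event(payload))
```

If the script reports that the file is not unified2, the fix is on the Snort side (the output plugin writing the file), not in barnyard2.conf; if it is unified2 and records are present, the problem lies in how barnyard2 is pointed at the file, which is where the barnyard2 documentation linked above comes in.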

From: Paul Li <paul at ...17768...>
Date: Saturday, February 4, 2017 at 1:05 AM
To: 'snort-users' <snort-users at lists.sourceforge.net>
Subject: [Snort-users] Load alerts read from file to database

I'm using Snort to read a file and Snort generates alerts. But when I tried using Barnyard2 to load these alerts into the database, no alerts were loaded. Is there any configuration I should change to make it work, or does Barnyard2 not support loading alerts from files?

(When Snort generated alerts from monitoring a network interface, Barnyard successfully loaded the alerts into the database.)

Thanks,
Paul