[Snort-users] Barnyard2/Base MAC Address from PCAP

wkitty42 at windstream.net wkitty42 at windstream.net
Wed Jan 3 19:54:46 EST 2018

On 01/03/2018 03:22 PM, Gordon Wallum wrote:
> Thanks for the info wkitty
> I can find the MAC addresses in the Snort unified2 log, but when barnyard2 inputs the logs into SQL it doesn’t store the layer2 MAC data and instead uses a bogus hardcoded one
> Is there any way to achieve this? I found an article explaining the same problem
> http://seclists.org/snort/2010/q3/562

umm, you should be able to modify barnyard2 to output what you need... then you 
could donate that code to the barnyard2 project ;)

i don't know anything about barnyard2 other than what i see here and a few other 
places on the 'net...

  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*

More information about the Snort-users mailing list