Snort mailing list archives

Issue with barnyard & unified alert log file


From: Marc Dreher <MarcDreher () gmx net>
Date: Fri, 6 Sep 2002 13:46:17 +0200 (MEST)

Sorry, 

forgot subject in last post ...


Hi all,

I posted this question already a couple of days ago. As I did not get an
answer, either nobody knows (which I doubt) or it is a very well known
issue and I was too stupid to find the answer in the FAQ or list history
(although I looked closely). The problem is the following.
When I have snort logging alerts in unified form to a file and take this
file as input for barnyard to write the output either to syslog or the
alert_fast output plugin, I do not get any IP addresses or time information
for spp_portscan alerts. Output from alert_fast, for example, looks like this:

01/01/-30-00:00:00.000000 {IP} 0.0.0.0 -> 0.0.0.0
[**] [100:2:1] spp_portscan: Portscan Status [**]
[Classification: Not Suspicious Traffic] [Priority: 0]

All other alerts are fine. When I have snort log into the plain ASCII
alert file everything is ok as well.

Thanks for any hints.
 
Regards
Marc
