Snort mailing list archives
Re: Acid Snort Barnyard Payload
From: Kevin Peuhkurinen <kevin.peuhkurinen () hepcoe com>
Date: Mon, 10 Mar 2003 10:21:37 -0500
> When I tried to view the payload on acid, It say none

I had the same problem. In order for Barnyard to pass the packet data, it has to be working on the logs rather than the alerts. So,
1) make sure that "output_log_unified" is set in snort.conf
2) make sure that "processor dp_log" is set in barnyard.conf
3) enable "output log_acid_db" in barnyard.conf and do NOT enable "output alert_acid_db".
4) start barnyard with the "-f" option pointing to the base name of your log files. In my case, this is "snort.log"
That should do it.

Kevin
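One way to check the four settings from the message above before restarting anything, as an added example that is not part of the original post or of Snort or Barnyard. The function names and sample configuration lines are constructed for illustration, and the spool file naming (base name plus a timestamp suffix) is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): lint for the four settings above.

# active FILE ERE: true if an uncommented line in FILE starts with ERE
active() { grep -Eq "^[[:space:]]*$2" "$1"; }

# check_payload_config SNORT_CONF BARNYARD_CONF LOG_DIR BASE
# Prints one line per problem and returns the number of problems found.
check_payload_config() {
    n=0
    # 1) Snort must write unified log files; accepts "output log_unified"
    #    and the post's "output_log_unified" spelling.
    active "$1" 'output[_[:space:]]+log_unified' ||
        { echo "snort: log_unified output is not enabled"; n=$((n+1)); }
    # 2) Barnyard must run the log data processor.
    active "$2" 'processor[[:space:]]+dp_log' ||
        { echo "barnyard: processor dp_log is not enabled"; n=$((n+1)); }
    # 3) log_acid_db on, alert_acid_db off.
    active "$2" 'output[[:space:]]+log_acid_db' ||
        { echo "barnyard: output log_acid_db is not enabled"; n=$((n+1)); }
    if active "$2" 'output[[:space:]]+alert_acid_db'; then
        echo "barnyard: output alert_acid_db is enabled"; n=$((n+1))
    fi
    # 4) The base name given to -f must match spool files in LOG_DIR.
    #    Assumption: Snort names them BASE.<timestamp>.
    ls "$3/$4".* >/dev/null 2>&1 ||
        { echo "no $4.* files in $3 for barnyard -f $4"; n=$((n+1)); }
    return "$n"
}

# Constructed sample: an alert-only setup, the case where ACID shows no payload.
write_sample() {
    printf '%s\n' 'output alert_unified: filename snort.alert' \
        '# output log_unified: filename snort.log' > "$1/snort.conf"
    printf '%s\n' 'processor dp_alert' '# processor dp_log' \
        'output alert_acid_db: mysql, sensor_id 1' \
        '# output log_acid_db: mysql, sensor_id 1' > "$1/barnyard.conf"
}

# Usage: script SNORT_CONF BARNYARD_CONF LOG_DIR BASE
if [ "$#" -eq 4 ]; then check_payload_config "$@"; fi
```

The exit status is the number of problems found, so 0 means all four settings match the message.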
Current thread:
- Acid Snort Barnyard Payload Alwin Raymundo (Mar 08)
- <Possible follow-ups>
- Re: Acid Snort Barnyard Payload Kevin Peuhkurinen (Mar 10)
- Re: Re: Acid Snort Barnyard Payload Alwin Raymundo (Mar 11)