Snort mailing list archives
Re: Snort, Barnyard, Acid - Lack of paylod
From: Michael Anderson <mca () arlut utexas edu>
Date: Tue, 01 Jun 2004 09:11:35 -0500
I'm glad this fixed your problem. As to alert_acid_db, I think the intention for this output is to just record the event and hdr information whereas log_acid_db includes the payload. So I'm confused why there is even an option to remove the payload from log_acid_db.
-Mike

John J. Nagro wrote:
> Thanks so much for the tip. more below...
>
> On 28.May.2004 01:09PM -0500, Michael Anderson wrote:
>> I had the same problem. Make sure you specify detail full in your barnyard.conf file. The detail seems to be set to fast by default which only inserts the hdr and event information. I found this out by looking through the code. I could not find any documentation describing this configuration parameter.
>>
>> Example barnyard.conf:
>>
>> output log_acid_db: mysql, database db, server localhost, user user, password passwd, detail full
>
> this does in fact work for me too, thank you, however it worries me that i can't do the same thing with output alert_acid_db i am still looking into it, i will post my results. i appreciate your help
>
>> -Mike
>>
>> John J. Nagro wrote:
>>> hello all, i am currently trying to run snort sensors logging to unified output (alerts) and barnyard to pick them up and toss them into a database that i look at via acid. It works but i can't get it to log payload, what's going on? Thanks in advance! -John Nagro (i am new to the list, i apologize if this is a topic that's already been covered, a link to that thread would be great)
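A way to check a barnyard.conf for the condition discussed in this thread, as an added example that is not code from the thread or from the Barnyard project: it flags `log_acid_db` outputs whose `detail` is not `full`. It assumes the comma-separated "key value" syntax of the line quoted above and takes the `fast` default from the thread's description; the sample configuration is constructed.

```python
import re

# Constructed sample barnyard.conf, modelled on the line quoted in the thread.
SAMPLE_CONF = """\
# sensor config (constructed)
output log_acid_db: mysql, database db, server localhost, user user, password passwd
output log_acid_db: mysql, database db, server localhost, user user, password passwd, detail full
  output log_acid_db: mysql, database db, server localhost, detail fast
#output log_acid_db: mysql, database db
output alert_acid_db: mysql, database db, server localhost, user user, password passwd
"""

# Matches "output <plugin>: <args>"; a commented-out line starts with '#' and does not match.
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:\s*(.*)$")

# Assumption taken from the thread: with no "detail" argument the plugin behaves as "fast".
ASSUMED_DEFAULT = "fast"


def parse_output(line):
    """Return (plugin, options) for an output directive, or None for any other line."""
    m = OUTPUT_RE.match(line)
    if m is None:
        return None
    opts = {}
    for field in m.group(2).split(","):
        words = field.split(None, 1)  # "detail full" -> ["detail", "full"]; "mysql" -> ["mysql"]
        if words:
            opts[words[0].lower()] = words[1].strip() if len(words) > 1 else ""
    return m.group(1), opts


def audit(conf_text):
    """List (line number, effective detail, explicitly set?) for log_acid_db outputs that drop payload."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        parsed = parse_output(line)
        if parsed is None or parsed[0] != "log_acid_db":
            continue  # alert_acid_db and other plugins are outside this check
        opts = parsed[1]
        detail = opts.get("detail", ASSUMED_DEFAULT).lower()
        if detail != "full":
            findings.append((lineno, detail, "detail" in opts))
    return findings


if __name__ == "__main__":
    for lineno, detail, explicit in audit(SAMPLE_CONF):
        how = "set explicitly" if explicit else "assumed default"
        print(f"line {lineno}: log_acid_db detail={detail} ({how}); payload not stored")
```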
Current thread:
- Snort, Barnyard, Acid - Lack of paylod John J. Nagro (May 28)
- Re: Snort, Barnyard, Acid - Lack of paylod Michael Anderson (May 28)
- Message not available
- Re: Snort, Barnyard, Acid - Lack of paylod Michael Anderson (Jun 01)
- Message not available
- Re: Snort, Barnyard, Acid - Lack of paylod Michael Anderson (May 28)