Snort mailing list archives

SnortInline - Barnyard - no ipheader & payload


From: Jochen Vogel <jvogel () it-sec de>
Date: Thu, 1 Apr 2004 10:47:43 +0200

Hi,

I use Fedora with snortinline2.1 (binary) and barnyard 0.2rc1,
but I can't see the IP header or payload.

I start snort 
snort -c snort.conf -i br0 -Q -de -A none
with config
output log_unified: filename snort.log, limit 128
--------------------------------------------------------------
I start barnyard
barnyard -c barnyard.conf -d $LOG -g gen-msg.map -s sid-msg.map -f snort.log -w waldo.log
with config
config localtime
config hostname: 18
config interface:
config filter:
output log_dump
-----------------------------------------------------------------

The system generates logs and writes them to ACID, but the IPHeader and Payload
fail. If I show the dumplog I can see

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] [1:363:4] ICMP IRDP router advertisement [**]
[Classification: Misc activity] [Priority: 3]
[Xref => http://www.securityfocus.com/bid/578]
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0875]
[Xref => http://www.whitehats.com/info/IDS173]
Event ID: 4014     Event Reference:
4014=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+

[**] [1:382:4] ICMP PING Windows [**]
[Classification: Misc activity] [Priority: 3]
[Xref => http://www.whitehats.com/info/IDS169]
Event ID: 20274     Event Reference: 20274
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

-----------------------------------------------------------------------

If I uncomment the unified log in snort.conf, I can see all in the snort
standard log.

Thx for help
jo

