Re: Base Barnyard and Unified Logs

[Wes Young <wcyoung () buffalo edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I know... I have done that... which is why Aanval works...

but Base Does not.... trying to figure that part out (where base gets
all it's info)

Paul Schmehl wrote:
| --On Monday, March 14, 2005 04:05:36 PM -0500 Wes Young
| <wcyoung () buffalo edu> wrote:
|
|>
|> I thought barnyard uses the sid-msg.map to read the sid and then inserts
|> ~ the sig details to the DB, no? I don't specify the sid-msg.map anywhere
|> else, hense why Aanval works perfectly, but base, does not.
|>
| You *do* have to tell barnyard where the sid-msg.map is.  Otherwise it
| will not be able to parse the sids to msgs.
|
| You do it one of two ways:
|
| In the config file:
| config sid-msg-map: /path/to/sig-msg.map
|
| On the commandline:
| barnyard -s /path/to/sid-msg.map
|
| Paul Schmehl (pauls () utdallas edu)
| Adjunct Information Security Officer
| The University of Texas at Dallas
| AVIEN Founding Member
| http://www.utdallas.edu
|
|

- --
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCNhCT1M5o0FsrrbERAn9eAJ9YT7Cew3I7vemWhhSvyfhUu0VdeACgh4ml
BM/OQflMZU5yQXEIgTKWIoU=
=6Eoc
-----END PGP SIGNATURE-----


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users