Snort mailing list archives
Re: Barnyard2 not inputting portscans (was Unified Logging - BASE - Portscans)
From: beenph <beenph () gmail com>
Date: Wed, 27 Jul 2011 08:50:13 -0400
On Wed, Jul 27, 2011 at 8:30 AM, James Lay <jlay () slave-tothe-box net> wrote:
> Interesting....and guess what...barnyard2 doesn't seem to log portscan data:
>
> Jul 26 20:34:39 gateway snort[4555]: [122:17:0] (portscan) UDP Portscan [Priority: 3] {PROTO:255} 205.171.2.25 -> my.ext.ip
>
> A search for 205.171.2.25 came up empty....I think we have our issue. Time to talk to firnsy maybe?
The only thing that barnyard2 is not logging should be EXTRADATA events.

Now in barnyard2 1.10, the only issue I could see that would lead to your portscan not being reported is the spooler cache mechanism that will be removed in a future version since the spooler has been refactored.

You can find a version of barnyard2 without the spooler cache and with spooler improvements @ https://github.com/binf/barnyard2.

Let us know if this fixes what you are observing.

Thanks
-elz