Snort mailing list archives
Snort>Unified2>Barnyard2>Syslog
From: amN0P () me com
Date: Thu, 12 Jan 2012 19:11:25 +0000 (UTC)
Hi everyone,

Cannot figure this out. I have barnyard2 reading unified2 Snort output. Barnyard2 is configured to dump syslog. In syslog files I am getting these types of Snort alerts:

Jan 12 13:43:41 argonatl snort: [1:20584:1] Snort Alert [1:20584:0] [Classification: Web Application Attack] <remaining part suppressed>

Not sure why the exact rule name is replaced by "Snort Alert". This alert has msg missing as well. The above type of alerts are getting reported along with alerts with expected/correct (with proper alert name and msg) alerts like:

Jan 12 13:43:41 argonatl snort: [1:12391:3] POLICY Google Webmail client chat applet [Classification: Potential Corporate Privacy Violation] [Priority: 1]:<remaining part suppressed>

Not sure what I am doing wrong. Can you please point me to the right direction.

Thanks,
Amit
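A triage helper for the symptom described in the post, added here as an example and not taken from the thread or from barnyard2: it lists which gid:sid pairs were logged with the generic "Snort Alert [gid:sid:rev]" text and checks whether each SID appears in a sid-msg.map. That barnyard2 takes rule messages from sid-msg.map (`sid || msg || refs`) is an assumption the post does not state; the names `triage`, `parse_sid_map`, `SAMPLE_LOG` and `SAMPLE_MAP` are made up, and the sample data is constructed.

```python
import re

# Alert header as it appears in the post: "snort: [gid:sid:rev] <message> [Classification: ...]"
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(\d+):(\d+):(\d+)\] (.*?)(?= \[Classification:|$)")
# Generic text logged in place of the rule's msg
PLACEHOLDER_RE = re.compile(r"^Snort Alert \[\d+:\d+:\d+\]$")

# Constructed sample: the two lines from the post (suppressed tail left out)
# plus one repeat of the first alert.
SAMPLE_LOG = [
    "Jan 12 13:43:41 argonatl snort: [1:20584:1] Snort Alert [1:20584:0] "
    "[Classification: Web Application Attack]",
    "Jan 12 13:43:41 argonatl snort: [1:12391:3] POLICY Google Webmail client "
    "chat applet [Classification: Potential Corporate Privacy Violation] [Priority: 1]:",
    "Jan 12 13:44:02 argonatl snort: [1:20584:1] Snort Alert [1:20584:0] "
    "[Classification: Web Application Attack]",
]
# Constructed sid-msg.map content (assumed format: sid || msg || references...)
SAMPLE_MAP = "# sid || msg\n12391 || POLICY Google Webmail client chat applet\n"

def parse_sid_map(text):
    """Return the set of SIDs listed in sid-msg.map text."""
    sids = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sid = line.split("||", 1)[0].strip()
        if sid.isdigit():
            sids.add(int(sid))
    return sids

def triage(syslog_lines, map_sids):
    """Map (gid, sid) -> {'count', 'in_map'} for alerts logged with the placeholder."""
    unresolved = {}
    for line in syslog_lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # not a Snort alert line
        gid, sid, msg = int(m[1]), int(m[2]), m[4].strip()
        if PLACEHOLDER_RE.match(msg):
            entry = unresolved.setdefault(
                (gid, sid), {"count": 0, "in_map": sid in map_sids})
            entry["count"] += 1
    return unresolved

if __name__ == "__main__":
    for (gid, sid), info in triage(SAMPLE_LOG, parse_sid_map(SAMPLE_MAP)).items():
        print(f"{gid}:{sid} placeholder x{info['count']} in_map={info['in_map']}")
```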