Snort mailing list archives
Re: Acidbase frontend does not show IPv6 alerts?
From: Jeremy Hoel <jthoel () gmail com>
Date: Tue, 14 Oct 2014 17:14:54 +0000
The issue is in the database that ACID (and all the other tools) use. Barnyard2 doesn't pass that onto the database (since there's no where to put it) so it will never show up. I'm not away of any snort fronted that does ipv6 yet. We look for our ipv6 alerts in our SEIM, but it's very limited. On Mon, Oct 13, 2014 at 6:37 PM, Marcelo Garcia <marcelo () lcs poli usp br> wrote:
Hello! I have native IPv4+IPv6 dualstack networks monitored with Snort 2.9.6.2, Barnyard 2.1.13 and AcidBase 1.4.5-2. Unfortunately, I cannot see IPv6 entries in BASE web interface. If I run Snort in console mode, I can see many alerts in IPv6. I can see also the mysql database growing due to IPv6 alerts generated by Snort. What am I missing? Is there IPv6 suport in Acidbase? Is there any configuration option or a patch I must apply? If not, which frontend could be an alternative to Acidbase? Thanks for any help! ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Acidbase frontend does not show IPv6 alerts? Marcelo Garcia (Oct 13)
- Re: Acidbase frontend does not show IPv6 alerts? Jeremy Hoel (Oct 14)
- Re: Acidbase frontend does not show IPv6 alerts? Marcelo Garcia (Oct 15)
- Re: Acidbase frontend does not show IPv6 alerts? Jeremy Hoel (Oct 14)