Re: barnyard (Payload)

[Bamm Visscher <bamm () satx rr com>]

I use a modified (different DB schema) op_acid_db and it inserts
"payload" data. op_acid_db should also. Check to make sure you are using
the log_unifed output plugin (alert_unified doesn't log packet data).
When you run BY, make sure it is reading the log_unified output (i.e. -f
snort.log). IIRC, BY cannot read log_unified and alert_unified at the
same time. Finally, in your barnyard.conf, make sure you use 'output
log_acid_db' (vice 'output alert_acid_db'.

Bammkkkk

On Tue, 2002-10-01 at 07:31, Ron Shuck wrote:
> Hey Alwin,
>
> I found the same results. I haven't heard if there are plans to include
> this, or if it should work and we just missed something.
>
>
> Ron Shuck, CISSP - Managing Consultant
> Buchanan Associates - A Technology Company in the People Business
> http://www.buchanan.com
> http://www.isc2.org
>
>
> ---original message---
> Date: Mon, 30 Sep 2002 11:36:39 -0700 (PDT)
> From: Alwin Raymundo <alrayworld () yahoo com>
> To: user snort <snort-users () lists sourceforge net>
> Subject: [Snort-users] barnyard (Payload)
>
> Hi Everybody,
>
> I don't know if this is already posted in previous
> discussion and this morning I just setup the barnyard.
>  I like it because it fast to log all packets in my
> mysql and acid but I notice there is no payload.
>
> Is this normal? is there in another way to get the
> payload?.
>
> Any help would be appreciated.
>
> Thanks in advance.




-------------------------------------------------------
This sf.net email is sponsored by: DEDICATED SERVERS only $89!
Linux or FreeBSD, FREE setup, FAST network. Get your own server 
today at http://www.ServePath.com/indexfm.htm
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users