Snort mailing list archives

Re: barnyard (Payload)


From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 15 Oct 2002 18:27:25 -0400

You need to set up log_unified in your snort.conf; alert_unified only reports the event data, not the packet logs.

     -Marty

On Tuesday, October 15, 2002, at 08:37 AM, Alwin Raymundo wrote:

Hi Marty,

Sorry, I've been busy this week and have only just opened my email.

In my snort.conf:
output alert_unified: filename snort.alert, limit 128

In barnyard.conf:
config hostname: snorthost
config interface: fxp0
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
output alert_fast
output log_dump
output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user usnort, password loghog

I'm new to barnyard. Thanks in advance for your help.

Your brother in snort

Alwin
--- Martin Roesch <roesch () sourcefire com> wrote:
Which unified output option are you guys using?

      -Marty


On 10/1/02 8:57 AM, "Alwin Raymundo" <alrayworld () yahoo com> wrote:

Hi Ron,

Yep, to me the payload is very important, in my own opinion. We know that somebody is trying to do something nasty to our server, but how?

Without the payload it looks like I'm shooting in the dark.

Thanks


--- Ron Shuck <rshuck () Buchanan com> wrote:
Hey Alwin,

I found the same results. I haven't heard if there are plans to include this, or if it should work and we just missed something.


Ron Shuck, CISSP - Managing Consultant
Buchanan Associates - A Technology Company in the People Business
http://www.buchanan.com
http://www.isc2.org


---original message---
Date: Mon, 30 Sep 2002 11:36:39 -0700 (PDT)
From: Alwin Raymundo <alrayworld () yahoo com>
To: user snort <snort-users () lists sourceforge net>
Subject: [Snort-users] barnyard (Payload)

Hi Everybody,

I don't know if this has already been posted in a previous discussion, but this morning I just set up barnyard. I like it because it is fast at logging all packets into my MySQL and ACID, but I notice there is no payload.

Is this normal? Is there another way to get the payload?

Any help would be appreciated.

Thanks in advance.

=====
Alwin Raymundo





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



--
Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org






=====
Alwin Raymundo



--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
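Marty's fix above, spelled out as a concrete pair of configs (an added example, not taken from the thread; the snort.log filename, the log_acid_db plugin name and the barnyard invocation are assumptions): alert_unified records carry only the event header, while log_unified records carry the event header plus the captured packet, so the payload only reaches the database when barnyard's dp_log processor is fed a log_unified spool file.

```conf
# snort.conf (added example): keep alert_unified for event data, add log_unified for packets
# alert_unified records contain only the event header (sig id, classification, timestamps)
output alert_unified: filename snort.alert, limit 128
# log_unified records contain the event header plus the captured packet, i.e. the payload
output log_unified: filename snort.log, limit 128

# barnyard.conf (added example): dp_alert reads snort.alert, dp_log reads snort.log
config hostname: snorthost
config interface: fxp0
processor dp_alert
processor dp_log
# event-only rows, as in the original config
output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user usnort, password loghog
# packet rows with payload; log_acid_db is assumed to be the log-side counterpart of alert_acid_db
output log_acid_db: mysql, sensor_id 1, database snort, server localhost, user usnort, password loghog

# Assumed invocation: one barnyard process per spool file, -f naming the base filename to follow
#   barnyard -c barnyard.conf -d /var/log/snort -f snort.log
#   barnyard -c barnyard.conf -d /var/log/snort -f snort.alert
```

A quick check that the right file is being written is to compare sizes: snort.log grows by roughly one packet per event, whereas snort.alert grows by a fixed-size header per event.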


