Snort mailing list archives

Re: Acid Snort Barnyard Payload


From: Kevin Peuhkurinen <kevin.peuhkurinen () hepcoe com>
Date: Mon, 10 Mar 2003 10:21:37 -0500

> When I tried to view the payload on acid, it says none


I had the same problem. In order for Barnyard to pass the packet data, it has to be working on the logs rather than the alerts. So,

1) make sure that "output_log_unified" is set in snort.conf
2) make sure that "processor dp_log" is set in barnyard.conf
3) enable "output log_acid_db" in barnyard.conf and do NOT enable "output alert_acid_db".
4) start barnyard with the "-f" option pointing to the base name of your log files. In my case, this is "snort.log"

That should do it.

Kevin
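
The four steps in the message above, turned into a configuration check. This is an added example, not part of the original post and not code from the Snort or Barnyard projects. The function names and sample configurations are constructed, and it assumes the unified log base name appears as a `filename <name>` argument on the output line.

```python
import re

# An active "output <plugin>" or "processor <plugin>" line. Keyword and plugin
# may be separated by whitespace or "_", covering both spellings in the post.
DIRECTIVE = re.compile(r"^(output|processor)[\s_]+(\w+)\s*:?\s*(.*)$")

def active_directives(conf_text):
    """Map (keyword, plugin) -> argument string, skipping '#' comments."""
    found = {}
    for raw in conf_text.splitlines():
        m = DIRECTIVE.match(raw.split("#", 1)[0].strip())
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
    return found

def check_payload_path(snort_conf, barnyard_conf, f_option):
    """Return the problems that would keep packet data from reaching ACID."""
    snort = active_directives(snort_conf)
    barn = active_directives(barnyard_conf)
    problems = []
    unified = snort.get(("output", "log_unified"))
    if unified is None:
        problems.append("snort.conf: unified log output is not set")
    else:
        # Assumption: the base name is given as "filename <name>".
        m = re.search(r"filename\s+([^,\s]+)", unified)
        if m and m.group(1).rsplit("/", 1)[-1] != f_option:
            problems.append(f"-f {f_option} does not match {m.group(1)}")
    if ("processor", "dp_log") not in barn:
        problems.append("barnyard.conf: processor dp_log is not set")
    if ("output", "log_acid_db") not in barn:
        problems.append("barnyard.conf: output log_acid_db is not enabled")
    if ("output", "alert_acid_db") in barn:
        problems.append("barnyard.conf: output alert_acid_db is enabled")
    return problems

# Constructed sample configurations (database arguments are placeholders).
LOG_SNORT = "output log_unified: filename snort.log, limit 128\n"
LOG_BARNYARD = """processor dp_log
# output alert_acid_db: mysql, database snort, server localhost, user snort
output log_acid_db: mysql, database snort, server localhost, user snort
"""
ALERT_SNORT = "output alert_unified: filename snort.alert, limit 128\n"
ALERT_BARNYARD = """processor dp_alert
output alert_acid_db: mysql, database snort, server localhost, user snort
"""

if __name__ == "__main__":
    print(check_payload_path(LOG_SNORT, LOG_BARNYARD, "snort.log"))
    for problem in check_payload_path(ALERT_SNORT, ALERT_BARNYARD, "snort.alert"):
        print(problem)
```

An empty list means all four conditions from the message hold; the alert-only sample reports every condition that the log-based setup changes.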





