Snort mailing list archives

Re: Base Barnyard and Unified Logs


From: Wes Young <wcyoung () buffalo edu>
Date: Mon, 14 Mar 2005 16:19:39 -0500

Ah ha....

Barnyard only inserts the SIG NAME if it doesn't exist in the snort table
already, not based on the msg map read-in. So, if you start base on a 'not so
fresh' start of barnyard, you'll get all the snort data, but if you F'd
your sig table, it won't add it without a manual script that reads the
sigmap in and then inserts it... might be a nice addition to either
project... might take up space... but not that much...

eof

Wes Young wrote:
| I thought barnyard uses the sid-msg.map to read the sid and then inserts
| ~ the sig details to the DB, no? I don't specify the sid-msg.map anywhere
| else, hence why Aanval works perfectly, but base does not.
|
| There must be a slight problem with the way base looks up sig info and a
| slight problem how barnyard stores it.
|
| Michael Scheidell wrote:
| | The issue is barnyard.
| |
| | Barnyard only stores the sid, and THEN, reads sid-msg.map for signature
| | description.
| |
| |
|

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



--
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
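The "manual script" Wes describes above, as an added example that is not part of the original thread or of Barnyard/BASE: it parses the Snort 2 sid-msg.map format (`sid || msg || reference...`), compares the SIDs against the rows already in the signature table, and inserts only what is missing. The table layout (a `signature` table with `sig_name` and `sig_sid` columns, here in an in-memory SQLite database) and the map contents are constructed assumptions for the demo.

```python
import sqlite3

# Constructed sample sid-msg.map content (Snort 2 format: sid || msg || ref ...)
SID_MSG_MAP = """\
# sid || msg || reference
1000001 || LOCAL test rule one
1000002 || LOCAL test rule two || url,example.invalid/docs
1000003 || LOCAL test rule three
"""


def parse_sid_msg_map(text):
    """Return {sid: msg} from sid-msg.map text, skipping comments and blank lines."""
    sigs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # malformed line: ignore rather than insert garbage
        sigs[int(fields[0])] = fields[1]
    return sigs


def missing_signatures(conn, sigs):
    """Return sorted (sid, msg) pairs whose SID is absent from the signature table."""
    existing = {row[0] for row in conn.execute("SELECT sig_sid FROM signature")}
    return sorted((sid, msg) for sid, msg in sigs.items() if sid not in existing)


def insert_missing(conn, sigs):
    """Insert the missing rows with parameterized SQL; return the number inserted."""
    rows = missing_signatures(conn, sigs)
    conn.executemany("INSERT INTO signature (sig_name, sig_sid) VALUES (?, ?)",
                     [(msg, sid) for sid, msg in rows])
    conn.commit()
    return len(rows)


def demo():
    """Assumed schema: one SID already present, two missing. Returns (inserted, total)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, "
                 "sig_name TEXT, sig_sid INTEGER)")
    conn.execute("INSERT INTO signature (sig_name, sig_sid) VALUES (?, ?)",
                 ("LOCAL test rule one", 1000001))
    inserted = insert_missing(conn, parse_sid_msg_map(SID_MSG_MAP))
    total = conn.execute("SELECT COUNT(*) FROM signature").fetchone()[0]
    return inserted, total
```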