Snort mailing list archives
Configuring Barnyard with Bleeding threat rules
From: Christopher Rommel <cromme1 () exchange towson edu>
Date: Tue, 24 Jul 2007 15:45:06 -0400
I am having an issue with Barnyard providing me the correct alert information via the BASE console. I am running the following command:

    barnyard -c /etc/snort/barnyard.conf -g /etc/snort/gen-msg.map -s /etc/snort/bleeding-sid-msg-map.txt -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo

On BASE, the alert information is displayed as follows:

    Snort Alert [1:2000562:0]

In the bleeding-sid-msg-map.txt file, the ID 2000562 corresponds to:

    2000562 || BLEEDING-EDGE VIRUS OUTBOUND Suspicious Email Attachment

Does anyone have any ideas as to why I am not seeing "BLEEDING-EDGE VIRUS OUTBOUND Suspicious Email Attachment" for the alert as opposed to Snort Alert [1:2000562:0]?

Thanks,
Chris
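For readers following this thread, here is an added example (not part of the original post, and not Barnyard's or BASE's own code) of how the two map files Barnyard is given on the command line are used to turn a Snort alert identifier into a human-readable message. It parses the `sid || msg || ref` layout of sid-msg.map and the `gid || sid || msg` layout of gen-msg.map, resolves an identifier of the form `[gid:sid:rev]`, and reproduces the generic `Snort Alert [gid:sid:rev]` fallback that a console shows when the lookup finds no message. The file contents embedded below are constructed samples; only the 2000562 entry is taken from the post.

```python
# Added example: resolve a Snort alert id against sid-msg.map / gen-msg.map
# style files. File contents below are constructed for the example.

from typing import Dict, Optional, Tuple

# Constructed sample in the sid-msg.map layout: "sid || msg || ref ..."
SID_MSG_MAP = """\
# comment lines and blank lines are ignored

2000562 || BLEEDING-EDGE VIRUS OUTBOUND Suspicious Email Attachment || url,example.invalid/2000562
1000 || LOCAL test rule
not-a-sid || malformed line that must not abort the load
"""

# Constructed sample in the gen-msg.map layout: "gid || sid || msg"
GEN_MSG_MAP = """\
1 || 1 || snort general alert
116 || 3 || (snort_decoder) WARNING: IP dgm len < IP Hdr len!
"""


def parse_sid_msg_map(text: str) -> Dict[int, str]:
    """Map sid -> message. Fields are '||'-separated; fields after the
    message are references and are ignored here."""
    table: Dict[int, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # skip a malformed line instead of losing the whole map
        table[int(fields[0])] = fields[1]
    return table


def parse_gen_msg_map(text: str) -> Dict[Tuple[int, int], str]:
    """Map (gid, sid) -> message for decoder/preprocessor generators."""
    table: Dict[Tuple[int, int], str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 3 or not (fields[0].isdigit() and fields[1].isdigit()):
            continue
        table[(int(fields[0]), int(fields[1]))] = fields[2]
    return table


def parse_alert_id(alert_id: str) -> Tuple[int, int, int]:
    """Parse '[1:2000562:0]' (brackets optional) into (gid, sid, rev)."""
    inner = alert_id.strip().strip("[]")
    gid, sid, rev = (int(part) for part in inner.split(":"))
    return gid, sid, rev


def lookup_message(gid: int, sid: int,
                   sid_map: Dict[int, str],
                   gen_map: Dict[Tuple[int, int], str]) -> Optional[str]:
    # Generator 1 is the rules engine, whose messages live in sid-msg.map;
    # every other generator id is a decoder/preprocessor described in gen-msg.map.
    if gid == 1:
        return sid_map.get(sid)
    return gen_map.get((gid, sid))


def resolve_alert(alert_id: str,
                  sid_map: Dict[int, str],
                  gen_map: Dict[Tuple[int, int], str]) -> str:
    """Return the message for an alert id, or the generic fallback string
    a console shows when the id is not present in the loaded maps."""
    gid, sid, rev = parse_alert_id(alert_id)
    msg = lookup_message(gid, sid, sid_map, gen_map)
    if msg is None:
        return f"Snort Alert [{gid}:{sid}:{rev}]"
    return msg


if __name__ == "__main__":
    sids = parse_sid_msg_map(SID_MSG_MAP)
    gens = parse_gen_msg_map(GEN_MSG_MAP)
    for alert in ("[1:2000562:0]", "[1:999999:0]", "[116:3:1]"):
        print(alert, "->", resolve_alert(alert, sids, gens))
```

The fallback branch is the useful part when debugging a setup like the one above: if the console prints the bracketed id, the message was not found in whatever signature table the console consulted, so the first thing to check is whether the sid actually made it from the map file into that table rather than whether the rule itself fired.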
Current thread:
- Configuring Barnyard with Bleeding threat rules Christopher Rommel (Jul 24)
- Re: Configuring Barnyard with Bleeding threat rules Paul Melson (Jul 24)
- <Possible follow-ups>
- Re: Configuring Barnyard with Bleeding threat rules Paul Melson (Jul 25)