Snort mailing list archives

Re: How Can I display the rule name instead of the ID with ACID?


From: Nigel Houghton <nigel () sourcefire com>
Date: Tue, 13 May 2008 08:01:42 -0400

On 5/13/08 5:11 AM, "Berta Alcala" <berta83 () gmail com> wrote:

> Thank you very much for your reply.
> As Matt says, what I really want is, how to display the signature description
> on "sig_name" field instead of the signature ID.
> I don't use barnyard, nor BASE. So the first thing I'm going to do is
> installing Base. Do I need to use barnyard?
>
> Regards,
> Berta
>
> 2008/5/12 Joel Esler <joel.esler () mac com>:
>> So, if by displaying just the sig-id in the signature field, instead
>> of the name of the signature, this leads me to believe that you are
>> using barnyard to read unified files and output their contents into
>> the db.
>>
>> What the problem is, is not a problem with base, acid, or even Snort.
>> It's a misconfiguration in Barnyard.  You don't have your barnyard
>> reading your correct sid-msg.map file.

Make sure you have a correctly generated sid-msg.map and that it is readable
by the database user. If you use oinkmaster there is a script in the contrib
section that will build it for you.

--
Nigel Houghton
Resident Hooligan
SF VRT
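
Added example, not part of the message above and not the oinkmaster contrib script: a Python script that builds sid-msg.map lines (`sid || msg || reference ...`) from rule text and reports which SIDs an existing map lacks, the condition that leaves only the ID to display. The sample rules, SIDs and function names are constructed for illustration.

```python
import re

# Constructed sample rules (not from the thread). The second is commented
# out, the way a disabled rule appears in a rules file.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web probe"; content:"/probe"; reference:url,example.com/a; reference:url,example.com/b; sid:1000001; rev:2;)
# alert udp any any -> any 53 (msg:"EXAMPLE dns test\; with semicolon"; sid:1000002; rev:1;)
pass ip any any -> any any (sid:1000003;)
'''

ACTIONS = r'alert|log|pass|drop|reject|sdrop|activate|dynamic'
RULE_RE = re.compile(r'^\s*#?\s*(?:' + ACTIONS + r')\s.*?\((.*)\)\s*$')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+?)\s*;')

def build_sid_map(rules_text):
    """Return {sid: 'sid || msg || ref || ref'} for rules with sid and msg."""
    entries = {}
    for line in rules_text.splitlines():
        rule = RULE_RE.match(line)
        if not rule:
            continue
        opts = rule.group(1)
        sid, msg = SID_RE.search(opts), MSG_RE.search(opts)
        if not sid or not msg:
            continue  # nothing to display for a rule without a message
        # Assumption of this example: store the message with \; and \" unescaped.
        text = re.sub(r'\\(.)', r'\1', msg.group(1))
        fields = [sid.group(1), text] + REF_RE.findall(opts)
        entries[int(sid.group(1))] = " || ".join(fields)
    return entries

def missing_sids(map_text, sids):
    """Return the SIDs that have no line in an existing sid-msg.map."""
    present = set()
    for line in map_text.splitlines():
        first = line.split("||")[0].strip()
        if first.isdigit():  # skips blank lines and comments
            present.add(int(first))
    return sorted(set(sids) - present)

if __name__ == "__main__":
    for sid, entry in sorted(build_sid_map(SAMPLE_RULES).items()):
        print(entry)
```

Disabled rules are kept in the map here so that alerts logged before a rule was commented out still resolve to a name.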

