Snort mailing list archives

Snort>Unified2>Barnyard2>Syslog


From: amN0P () me com
Date: Thu, 12 Jan 2012 19:11:25 +0000 (UTC)

Hi everyone,

Cannot figure this out. I have barnyard2 reading unified2 Snort output. Barnyard2 is configured to dump syslog. In 
syslog files I am getting these types of Snort alerts:

Jan 12 13:43:41 argonatl snort: [1:20584:1] Snort Alert [1:20584:0] [Classification: Web Application Attack] <remaining part suppressed>

Not sure why the exact rule name is replaced by "Snort Alert". This alert has msg missing as well. Alerts of the above type 
are getting reported along with expected/correct alerts (with proper alert name and msg), like:

Jan 12 13:43:41 argonatl snort: [1:12391:3] POLICY Google Webmail client chat applet [Classification: Potential Corporate Privacy Violation] [Priority: 1]:<remaining part suppressed>

Not sure what I am doing wrong. Can you please point me in the right direction?

Thanks,
Amit