Snort mailing list archives

How to log dpx alerts/events using unified2, barnyard, mysql?


From: "Zeeuw, L.V. de" <l.v.de.zeeuw () hr nl>
Date: Sat, 08 Nov 2014 21:06:17 +0100

L.S.

I should like to use DPX to develop my own preprocessor and find its alerts in a SNORT MySQL db.

I have SNORT and a DPX-based preprocessor running. Snort is using the unified2 file format for logging. I use Barnyard2 and MySQL. This seems to work ok.

But I find the output from my DPX-based preprocessor (using _dpd.logMsg (dpx.c)) only in /var/log/messages.

I do not understand how to use _dpd.alertAdd. What should be done so I will find the dpx alerts/events in my SNORT MySQL db?

How should Generator ID, Snort Rule ID, Revision number, Classification number, priority, message and rule info (I hope this is correct?) in _dpd.alertAdd(DPX GID, DPX SRC SID, 1, 0, 3, DPX SRC STR, 0) be used? What other files should be modified?

_dpd.alertAdd works in the test environment (using ./test.sh).
It is logging
x 256 1 0
to the screen.

Any help is appreciated.

Regards,

Luc de Zeeuw
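
As an added example (not code from the post, nor from Snort or Barnyard2), the script below cross-checks the GID/SID pairs a preprocessor hands to _dpd.alertAdd against the gen-msg.map and sid-msg.map files that barnyard2 loads, since an event whose pair is listed in neither map arrives at the database without a usable message. The map contents, the DPX_EVENTS list and the message texts are constructed for the example; only the 256/1 pair is taken from the test output quoted above.

```python
# Cross-check the (gid, sid) pairs a DPX preprocessor passes to _dpd.alertAdd
# against the gen-msg.map / sid-msg.map files barnyard2 reads, so an event
# that no map describes is caught before deployment. Layouts follow the
# upstream Snort map files; all sample contents below are constructed.

def _fields(line):
    return [f.strip() for f in line.split("||")]


def parse_gen_msg_map(text):
    """gen-msg.map: 'gid || sid || message' per line; '#' starts a comment."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = _fields(line)
        if len(f) >= 3:
            entries[(int(f[0]), int(f[1]))] = f[2]
    return entries


def parse_sid_msg_map(text):
    """sid-msg.map: v1 lines 'sid || message || refs...' belong to gid 1;
    a leading '#v2' switches to 'gid || sid || rev || class || prio || message || refs'."""
    entries, v2 = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("#v2"):
            v2 = True
        elif line and not line.startswith("#"):
            f = _fields(line)
            if v2 and len(f) >= 6:
                entries[(int(f[0]), int(f[1]))] = f[5]
            elif not v2 and len(f) >= 2:
                entries[(1, int(f[0]))] = f[1]
    return entries


def resolve(gid, sid, gen, sidmap):
    """Message text available for an event, or None if neither map lists it."""
    return sidmap.get((gid, sid)) or gen.get((gid, sid))


def missing_entries(events, gen, sidmap):
    """(gid, sid) pairs the preprocessor emits that no map describes."""
    return [e for e in events if resolve(e[0], e[1], gen, sidmap) is None]


# Constructed sample maps and event list. GID 256 / SID 1 mirrors the post's
# test output; the message text and SID 2 are invented for this example.
GEN_MSG_MAP = "1 || 1 || snort general alert\n256 || 1 || (dpx) source port match\n"
SID_MSG_MAP = "#v2\n1 || 1000001 || 1 || misc-activity || 3 || local test rule ||\n"
DPX_EVENTS = [(256, 1), (256, 2)]
```

Running missing_entries(DPX_EVENTS, ...) over the sample maps reports (256, 2) as the pair that still needs a gen-msg.map line before barnyard2 can label it.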



------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
