Snort mailing list archives

Re: ARPspoof preprocessor, barnyard, & BASE


From: Michael B <miboe60 () hotmail com>
Date: Sun, 26 Apr 2015 12:56:16 +0200

I found the issue, it is due to BASE. For a description of how I fixed it: 
http://www.winsnort.com/topic/136-arpspoof-preprocesser-events-not-logged-to-database/

 


From: miboe60 () hotmail com
To: snort-users () lists sourceforge net
Date: Thu, 23 Apr 2015 17:01:47 +0200
Subject: [Snort-users] ARPspoof preprocessor, barnyard, & BASE




My Snort is up & running and loads of events are being logged. After weeding out some false positives, I wanted to test the arpspoof preprocessor.

So I enabled:

preprocessor arpspoof
preprocessor arpspoof_detect_host: 192.168.1.1 58:6d:8f:a0:40:7f
preprocessor arpspoof_detect_host: 192.168.1.3 d4:3d:7e:38:37:4d

And ran an arp attack using ettercap. The problem is that these events do not show up in my winids (and neither in mysql database). It seems to be a similar problem to this: http://seclists.org/snort/2012/q1/99

Now, I've checked my barnyard output window, and the ettercap events DO show up there, they are just not shown in the BASE UI. My feeling is thus that it is a formatting issue: the arpspoof preprocessor outputs the events in a format which barnyard cannot log to mysql OR which are incompatible with the BASE interface. What I don't know is how I can solve this.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!                                        
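As an added example (not code from the thread, from Snort or from BASE), the Python below models the checks the arpspoof preprocessor runs against the two arpspoof_detect_host entries quoted above, so the reader can see which GID 112 events a spoofed ARP reply should produce before looking for them in the barnyard output or the database. The event descriptions follow the Snort manual; the rogue MAC address and the sample frames are constructed, and the checks approximate rather than reproduce the preprocessor's code.

```python
import struct
# The arpspoof_detect_host lines from the original post (the config under test).
SNORT_CONF = """
preprocessor arpspoof
preprocessor arpspoof_detect_host: 192.168.1.1 58:6d:8f:a0:40:7f
preprocessor arpspoof_detect_host: 192.168.1.3 d4:3d:7e:38:37:4d
"""

def load_host_table(conf):
    """Return {ip: mac} from the arpspoof_detect_host lines, MACs lower-cased."""
    rows = (line.split() for line in conf.splitlines())
    return {p[2]: p[3].lower() for p in rows if p[:2] == ["preprocessor", "arpspoof_detect_host:"]}

def parse_arp_frame(frame):
    """Decode an Ethernet II + ARP frame into text fields; None if it is not ARP."""
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != 0x0806:
        return None
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"eth_dst": mac(eth_dst), "eth_src": mac(eth_src), "op": op,
            "sha": mac(sha), "spa": ip(spa), "tha": mac(tha), "tpa": ip(tpa)}

def check_arp(frame, hosts):
    """Return the GID 112 events this frame would raise (approximates the preprocessor's checks)."""
    a = parse_arp_frame(frame)
    if a is None:
        return []
    alerts = []
    if a["op"] == 1 and a["eth_dst"] != "ff:ff:ff:ff:ff:ff":
        alerts.append("112:1 unicast ARP request")
    if a["eth_src"] != a["sha"]:
        alerts.append("112:2 Ethernet/ARP source address mismatch")
    if a["op"] == 2 and a["eth_dst"] != a["tha"]:
        alerts.append("112:3 Ethernet/ARP destination address mismatch")
    if a["spa"] in hosts and a["sha"] != hosts[a["spa"]]:  # only IPs listed in the table are checked
        alerts.append(f"112:4 ARP cache overwrite attack: {a['spa']} claimed by {a['sha']}")
    return alerts

def build_arp(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Build a constructed Ethernet II + ARP frame from text addresses (sample input only)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack("!6s6sH", m(eth_dst), m(eth_src), 0x0806) + struct.pack(
        "!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, m(sha), i(spa), m(tha), i(tpa))

HOSTS = load_host_table(SNORT_CONF)
GW, HOST, ROGUE = "58:6d:8f:a0:40:7f", "d4:3d:7e:38:37:4d", "00:11:22:33:44:55"  # ROGUE is constructed
LEGIT_REPLY = build_arp(HOST, GW, 2, GW, "192.168.1.1", HOST, "192.168.1.3")       # no event
SPOOFED_REPLY = build_arp(HOST, ROGUE, 2, ROGUE, "192.168.1.1", HOST, "192.168.1.3")  # 112:4 event
```

If barnyard shows the 112:4 event but the database or BASE does not, the problem is downstream of detection, which is where the original poster found it.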
  
