Snort mailing list archives

Re: Load alerts read from file to database


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Sat, 4 Feb 2017 23:10:45 +0000

Are the alert files in unified2 format?

You may want to look here for some more info on barnyard.

https://github.com/firnsy/barnyard2

https://github.com/firnsy/barnyard2/tree/master/doc

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com<mailto:allewi () cisco com>
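Added example, not from this thread or the barnyard2 project: a small Python check for the question above, i.e. whether a Snort output file really consists of unified2 records. Each record starts with a 4-byte type and a 4-byte length in network byte order, followed by that many payload bytes; the type numbers are the ones defined in Snort's Unified2_common.h, and the sample bytes below are constructed.

```python
import struct
import sys

# Unified2 record types from Snort's Unified2_common.h
UNIFIED2_TYPES = {
    2: "UNIFIED2_PACKET",
    7: "UNIFIED2_IDS_EVENT",
    72: "UNIFIED2_IDS_EVENT_IPV6",
    104: "UNIFIED2_IDS_EVENT_V2",
    105: "UNIFIED2_IDS_EVENT_IPV6_V2",
    110: "UNIFIED2_EXTRA_DATA",
}
HEADER = struct.Struct("!II")  # record type, record length (big-endian)


def walk_unified2(data: bytes):
    """Yield (type, payload) per record; raise ValueError if the bytes are
    not a well-formed sequence of unified2 records."""
    off = 0
    while off < len(data):
        if len(data) - off < HEADER.size:
            raise ValueError(f"truncated record header at offset {off}")
        rtype, rlen = HEADER.unpack_from(data, off)
        if rtype not in UNIFIED2_TYPES:
            raise ValueError(f"unknown record type {rtype} at offset {off}")
        off += HEADER.size
        if off + rlen > len(data):
            raise ValueError(f"record at offset {off} is cut short")
        yield rtype, data[off:off + rlen]
        off += rlen


def summarize(data: bytes) -> dict:
    """Count records per type; return {} when the data is not unified2."""
    counts = {}
    try:
        for rtype, _payload in walk_unified2(data):
            name = UNIFIED2_TYPES[rtype]
            counts[name] = counts.get(name, 0) + 1
    except ValueError:
        return {}
    return counts


# Constructed samples: one event record (zero-filled 60-byte body) followed
# by one packet record, versus a text alert as written by alert_fast.
SAMPLE_UNIFIED2 = HEADER.pack(104, 60) + bytes(60) + HEADER.pack(2, 30) + bytes(30)
SAMPLE_TEXT_ALERT = b"02/04-01:05:00.000000  [**] [1:1000001:1] test [**]\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, summarize(fh.read()) or "not unified2")
```

A file written by `output alert_fast` or `alert_full` fails this check and barnyard2 cannot read it; only `output unified2` spool files can be fed to it, whether Snort produced them from a live interface or from a pcap read with `-r`.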

From: Paul Li <paul () scybersecurity com<mailto:paul () scybersecurity com>>
Date: Saturday, February 4, 2017 at 1:05 AM
To: 'snort-users' <snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>>
Subject: [Snort-users] Load alerts read from file to database

I'm using Snort to read a file and Snort generates alerts. But when I tried using Barnyard2 to load these alerts to the 
database, no alerts were loaded. Is there any configuration I should change to make it work, or does Barnyard2 not 
support loading alerts from files?

(When Snort generates alerts from monitoring a networking interface, Barnyard successfully loaded alerts to the 
database.)

Thanks,
Paul
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!