Snort mailing list archives
AW: [Barnyard-users] NIDS newbie question
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Mon, 13 May 2002 07:40:13 +0200
Hi,

for me it seems you are using either an older version of snort or barnyard. I'm using barnyard from cvs (Version 0.1.0-dev Build 7) and snort-current (Version 1.8.7beta1 Build 113), with that config I do get the correct values in ACID (although log_dump and alert_html seem not to work for me).

HTH,
Sandro

hi all!
i'm a newbie in NIDS, so sorry if this question has already been asked. i successfully installed snort together with barnyard.
i am using the unified log output on snort and barnyard successfully converted it to readable format, however, the ip addresses on the alert logfile generated by barnyard were in reversed format. see below:
------------------------------------------------------------------------
05/10/02-10:54:26.660798 {ICMP} 11.0.168.192 -> 11.0.0.10
[**] [1:376:4] ICMP PING Microsoft Windows [**]
[Classification: Misc activity] [Priority: 3]
[Xref => http://www.whitehats.com/info/IDS159]
------------------------------------------------------------------------
how do i force either snort or barnyard to log those ip addresses in correct format? i am also running a perl script (guardian) that collects ip addresses on the alert logfile for dynamic blocking of offending ip address on our firewall.
any inputs or suggestions would be appreciated.
tia
concordio m. pajayat, jr.
open source technology enthusiast
pilipino internet, inc.
conpaj at PILNET dot COM
_______________________________________________
Barnyard-users mailing list
Barnyard-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/barnyard-users
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
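
An added example, not part of the original thread and not code from Snort, Barnyard or Guardian: a sanity check that a log-driven blocker could run on alert header lines like the one quoted above, so that octet-reversed addresses are flagged instead of being passed to the firewall. The HOME_NET value, the optional port suffix and all function names are assumptions made for this illustration.

```python
import ipaddress
import re

# Assumption: the protected network; the thread does not state it.
HOME_NET = ipaddress.ip_network("192.168.0.0/16")

# Header line of the alert format quoted in the message. The optional
# ":port" suffix is an assumption for TCP/UDP alerts.
ALERT_RE = re.compile(
    r"^\S+ \{(?P<proto>\w+)\} "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s*$"
)

def swap_octets(addr):
    """Return addr with its four octets in reverse order."""
    return ipaddress.ip_address(".".join(reversed(str(addr).split("."))))

def check_alert(line, home_net=HOME_NET):
    """Classify one alert header line; None if it is not a header line."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # an octet above 255: not a usable address
        return None
    if src in home_net or dst in home_net:
        return src, dst, "ok"
    rsrc, rdst = swap_octets(src), swap_octets(dst)
    if rsrc in home_net or rdst in home_net:
        return rsrc, rdst, "reversed"  # only plausible after swapping
    return src, dst, "unknown"

def blockable_sources(lines, home_net=HOME_NET):
    """Sources safe to hand to a blocker: plausible as logged, not our own."""
    out = []
    for line in lines:
        r = check_alert(line, home_net)
        if r and r[2] == "ok" and r[0] not in home_net:
            out.append(str(r[0]))
    return out

SAMPLE = [
    "05/10/02-10:54:26.660798 {ICMP} 11.0.168.192 -> 11.0.0.10",  # from the post
    "[**] [1:376:4] ICMP PING Microsoft Windows [**]",
    "05/10/02-10:55:01.000001 {ICMP} 10.0.0.11 -> 192.168.0.11",  # constructed
]
```

Lines classified as "reversed" or "unknown" are left out of the block list, so a logging fault like the one in the post cannot cause an unrelated address to be blocked.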
