Snort mailing list archives
Re: Configuring Barnyard with Bleeding threat rules
From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 24 Jul 2007 16:09:29 -0400
I am having an issue with Barnyard providing me the correct alert information via the BASE console. I am running the following command:

barnyard -c /etc/snort/barnyard.conf -g /etc/snort/gen-msg.map -s /etc/snort/bleeding-sid-msg-map.txt -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo
You will need to rebuild sid-msg.map and gen-msg.map to include the bleeding-edge rules. I use the create_sidmap.pl script that comes with oinkmaster and snort's '-c' flag (run after all rules are updated and copied into /opt/snort/rules):

/opt/oinkmaster/create_sidmap.pl /opt/snort/rules | sort -u > /opt/snort/rules/sid-msg.map
/opt/snort/bin/snort -c /opt/snort/etc/snort.conf --dump-dynamic-preproc-genmsg /opt/snort/rules/gen-msg.map

After the map files are regenerated you will want to restart barnyard so that it rereads them.

PaulM
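As an added example (not code from this thread, from oinkmaster or from Snort), the script below does what the create_sidmap.pl step does in plain POSIX shell and awk, then lists the sids that an older map is missing, which is exactly the case where BASE shows an alert without its signature name. The rule lines, map entries and scratch paths are constructed samples; the map format assumed is the classic "sid || msg" layout that barnyard -s reads.

```shell
#!/bin/sh
# Added example (not from the thread): rebuild a "sid || msg" map from Snort
# rule files and list the sids a stale map lacks. Assumes the classic
# two-column map format read by "barnyard -s"; all rule and map contents
# below are constructed samples, not real Bleeding Edge signatures.

# Emit "sid || msg" for every active rule, one line per sid, sorted by sid.
build_sidmap() {
    awk '
        /^[ \t]*#/ { next }                       # skip disabled rules
        match($0, /msg:[ \t]*"[^"]*"/) {          # options may appear in any order
            m = substr($0, RSTART, RLENGTH)
            sub(/^msg:[ \t]*"/, "", m); sub(/"$/, "", m)
            if (match($0, /sid:[ \t]*[0-9]+/)) {
                s = substr($0, RSTART, RLENGTH)
                sub(/^sid:[ \t]*/, "", s)
                if (!seen[s]++) print s " || " m  # first definition of a sid wins
            }
        }' "$@" | sort -t'|' -k1,1n
}

# Print sids present in the rules but absent from an existing map file:
# these are the alerts BASE would display without a signature name.
missing_sids() {
    map=$1; shift
    build_sidmap "$@" | awk -F'[|][|]' -v map="$map" '
        BEGIN { while ((getline line < map) > 0) { split(line, f, "[|][|]"); have[f[1] + 0] = 1 } }
        !(($1 + 0) in have) { print $1 + 0 }'
}

# Constructed sample rules and a stale map, written to a scratch directory.
WORK=$(mktemp -d)
RULES="$WORK/bleeding-sample.rules"
STALE_MAP="$WORK/sid-msg.map"
cat > "$RULES" <<'EOF'
# constructed sample rules (sid 2000003 is commented out and must be ignored)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE SCAN ssh probe"; flags:S; sid:2000001; rev:1;)
# alert tcp any any -> any 80 (msg:"SAMPLE disabled rule"; sid:2000003; rev:1;)
alert udp any any -> $HOME_NET 53 (sid:2000002; msg:"SAMPLE POLICY dns query"; rev:2;)
EOF
printf '1 || snort decoder\n2000001 || SAMPLE SCAN ssh probe\n' > "$STALE_MAP"

build_sidmap "$RULES" > "$WORK/sid-msg.map.new"
echo "sids missing from the old map:"; missing_sids "$STALE_MAP" "$RULES"
```

Run against the real rules directory and the map barnyard currently loads, a non-empty result means the map must be regenerated and barnyard restarted before those alerts will be named correctly in BASE.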
Current thread:
- Configuring Barnyard with Bleeding threat rules Christopher Rommel (Jul 24)
- Re: Configuring Barnyard with Bleeding threat rules Paul Melson (Jul 24)
- <Possible follow-ups>
- Re: Configuring Barnyard with Bleeding threat rules Paul Melson (Jul 25)
