RE: [Snort-users] Barnyard Acid MySQL problem SOLVED
This is a discussion on RE: [Snort-users] Barnyard Acid MySQL problem SOLVED within the Snort forums, part of the System Security and Security Related category; Thanks for getting back so soon this took care of the problem my sid-msg.map file was in the ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-06-2003
|
|||
|
|||
RE: [Snort-users] Barnyard Acid MySQL problem SOLVED
Thanks for getting back so soon this took care of the problem my
sid-msg.map file was in the wrong spot... -Billy -----Original Message----- From: Robert Vance Jr [mailto:rev@northwestern.edu]=20 Sent: Thursday, November 06, 2003 12:41 PM To: snort-users@lists.sourceforge.net Subject: Re: [Snort-users] Barnyard Acid MySQL problem > When sending output to Acid/Mysql using only snort, my signature field > would list something like this below... >=20 > SCAN Proxy (8080) attempt >=20 > After setting up Barnyard I am now getting this... >=20 > Snort Alert [1:618:0] My first guess would be that when you fired up your barnyard process, you did not configure it to use the sid-msg.map file. This file maps signature ids to their respective alert message. So try something like this... /path/to/barnyard -s /path/to/sid-msg.map You'll want to include any other command line parameters that you're already using as well. rev -- ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...=3Dsnort-users ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
