From: Jochen V. <jv...@it...> - 2004-03-05 12:14:45
Hi,

If Snort logs to ASCII, I get the payload.
If Snort logs to binary and Barnyard writes it to ASCII, I get no payload.

Snort
-------------
/usr/local/bin/snort -c /tmp/rules/snort.conf -i br0 -deQ -A none
--------------
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
--------------

Barnyard
----------------
/usr/local/bin/barnyard -c $CONF/barnyard.conf -d $LOG \
    -g /tmp/rules/gen-msg.map -s /tmp/rules/sid-msg.map \
    -f snort.log -w $LOG/waldo.log
-----------------
#output alert_fast
output log_dump
#output alert_syslog
#output log_pcap
#output alert_acid_db: mysql, database snort, server 192.168.0.48, user sensor
#output log_acid_db: mysql, database snort, server 192.168.0.48, user sensor, detail full

Any idea?

Thanks for the help,
jo