From: Andrew R. Baker (andrewb_at_snort.org)
Date: Sun Oct 06 2002 - 10:34:53 CDT
Michael Scheidell wrote:
> this is where change logs, and server configuration logs should be required
> (by me!)
> Three systems, identical (well, obviously not!)
> Two systems show classification next that is NOT the same as was requested
> md5 checksums on barnyard and classification.config are exact.
> md5 checksums on snort are exact.
>
> even cerebus shows it off by one when it reads the barnyard file.
>
> what and where and how does snort send that info to barnyard?
> does it send it an 'index' number? after reading the sid-map file?
> I guess there could be problem if that 'index' number changed, ie a new
> sid-msg file, right?
>
> in fast.alert plugin for barnyard,
> Version 0.1.0-rc2 (Build 11)
> using released snort 1.9.0
Barnyard had a bug where it indexed the classifications differently than
Snort did (off by one). I sent out a patch a few weeks ago that fixed
this. Hopefully I can get a new tarball up on snort.org today or tomorrow.
-A
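
An added example, not part of the original message and not Snort or Barnyard code: a small Python check that tells a constant index shift (the kind of off-by-one described above) apart from unrelated misclassification, given the classtype each rule requested and the classification a reader displayed. It assumes classification IDs are positions in classification.config in file order; which side counts from 0 and which from 1 is not stated in the thread, so the bases used here are illustrative, and the config text is a constructed sample.

```python
import re

# Constructed sample in classification.config syntax (not the poster's file).
SAMPLE_CONFIG = """\
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: unknown,Unknown Traffic,3
config classification: bad-unknown,Potentially Bad Traffic,2
# comment lines and blanks are skipped
config classification: attempted-recon,Attempted Information Leak,2
"""

LINE_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),([^,]+),\s*(\d+)\s*$")


def parse_classifications(text):
    """Return [(shortname, description, priority)] in file order."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.split("#", 1)[0])
        if m:
            entries.append((m.group(1).strip(), m.group(2).strip(), int(m.group(3))))
    return entries


def lookup(entries, class_id, base):
    """Resolve a numeric ID to a shortname; base is the ID of the first entry."""
    idx = class_id - base
    return entries[idx][0] if 0 <= idx < len(entries) else None


def index_shift(entries, observations):
    """observations: [(classtype in the rule, classification the reader showed)].
    Return the one position shift that explains every pair, else None."""
    pos = {name: i for i, (name, _, _) in enumerate(entries)}
    shifts = set()
    for expected, reported in observations:
        if expected not in pos or reported not in pos:
            return None
        shifts.add(pos[reported] - pos[expected])
    return shifts.pop() if len(shifts) == 1 else None


if __name__ == "__main__":
    table = parse_classifications(SAMPLE_CONFIG)
    # Assumed bases for illustration: writer counts from 1, reader from 0.
    seen = [(name, lookup(table, i + 1, 0)) for i, (name, _, _) in enumerate(table[:-1])]
    print(seen, "shift:", index_shift(table, seen))
```

A result of 0 means the two sides agree, a nonzero value means every alert is displaced by the same amount (an indexing mismatch rather than differing files), and `None` means the mismatches are not explained by a single shift.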