From: Alwin Raymundo (alrayworld_at_yahoo.com)
Date: Tue Oct 15 2002 - 07:37:30 CDT

    Hi Marty,

    Sorry, I'm busy this week and I just opened my email.

    In my snort.conf:
    output alert_unified: filename snort.alert, limit 128

    In barnyard.conf:
    config hostname: snorthost
    config interface: fxp0
    config filter: not port 22
    processor dp_alert
    processor dp_log
    processor dp_stream_stat
    output alert_fast
    output log_dump
    output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user usnort, password loghog

    I'm new to barnyard. Thanks in advance for your help.

    Your brother in snort

    Alwin
    --- Martin Roesch <roeschsourcefire.com> wrote:
    > Which unified output option are you guys using?
    >
    > -Marty
    >
    >
    > On 10/1/02 8:57 AM, "Alwin Raymundo" <alrayworldyahoo.com> wrote:
    >
    > > Hi Ron,
    > >
    > > Yep, to me the payload is very important, in my own opinion. We know that
    > > somebody is trying to do some nasty thing to our server, but how?
    > >
    > > Without the payload it looks like I'm shooting in the dark.
    > >
    > > Thanks
    > >
    > >
    > > --- Ron Shuck <rshuckBuchanan.com> wrote:
    > >> Hey Alwin,
    > >>
    > >> I found the same results. I haven't heard if there are plans to include
    > >> this, or if it should work and we just missed something.
    > >>
    > >>
    > >> Ron Shuck, CISSP - Managing Consultant
    > >> Buchanan Associates - A Technology Company in the People Business
    > >> http://www.buchanan.com
    > >> http://www.isc2.org
    > >>
    > >>
    > >> ---original message---
    > >> Date: Mon, 30 Sep 2002 11:36:39 -0700 (PDT)
    > >> From: Alwin Raymundo <alrayworldyahoo.com>
    > >> To: user snort <snort-userslists.sourceforge.net>
    > >> Subject: [Snort-users] barnyard (Payload)
    > >>
    > >> Hi Everybody,
    > >>
    > >> I don't know if this was already posted in a previous discussion, and
    > >> this morning I just set up barnyard. I like it because it is fast to log
    > >> all packets in my mysql and acid, but I notice there is no payload.
    > >>
    > >> Is this normal? Is there another way to get the payload?
    > >>
    > >> Any help would be appreciated.
    > >>
    > >> Thanks in advance.
    > >
    > > =====
    > > Alwin Raymundo
    >
    > --
    > Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
    > Sourcefire: Professional Snort Sensor and Management Console appliances
    > roeschsourcefire.com - http://www.sourcefire.com
    > Snort: Open Source Network IDS - http://www.snort.org

    =====
    Alwin Raymundo

    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users