[Discussion] Problem with output of unified2 for barnyard2
Miler Alberto Garcia Villanueva
phl4kx at gmail.com
Tue May 25 18:38:00 EDT 2010
Additional information:
classification.config
----------------
config classification: attempted-recon,Attempted Information Leak,2
barnyard2.config
----------------
config reference_file: /usr/local/etc/suricata/reference.config
config classification_file: /usr/local/etc/suricata/classification.config
config gen_file: /usr/local/etc/suricata/gen-msg.map
config sid_file: /usr/local/etc/suricata/sid-msg.map
All the paths are correct.
Run Barnyard2
----------------
barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/suricata -f unified2.alert

-*> Barnyard2 <*-
Version 2.1.9-beta1 (Build 251)
2010/5/25 Miler Alberto Garcia Villanueva <phl4kx at gmail.com>:
> Hi all, recently I have a problem with the output of unified2 when
> barnyard2 reads the unified2.alert.* files. The problem is that
> barnyard2 can read the unified2.alert.* files of the suricata log but
> can't identify what the classification is; the alert output is like
> this in barnyard:
>
> <bridge0> ET SCAN NMAP -sS window 4096 [**] [Classification ID: (null)] [Priority ID: 3]
>
> The Classification ID is null and the priority is 3.
>
> The alert and fast.log output of suricata identifies the
> classification correctly.
>
> I contacted the developers of barnyard2 and they told me that maybe it is a
> problem with the log (unified2.alert.* files) generated by suricata.
>
> Thanks a lot
>
> Miler
>
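The quickest way to tell whether the classification is lost on the suricata side or on the barnyard2 side is to read the unified2 record directly and look at its classification_id field, then resolve it against classification.config the way barnyard2 does. The script below is an added example for this thread, not code from the poster, suricata or barnyard2. It parses the classification.config syntax shown above, walks the 52-byte Unified2IDSEvent_legacy records (type 7) of a unified2 file, and renders the classification/priority part of the alert line. The sample records and the extra classification.config lines are constructed inline; the assumption that classification IDs are the 1-based position of each entry in classification.config (how Snort-family tools number them) is marked in the code.

```python
import struct

# Constructed sample classification.config: the attempted-recon line is the one
# quoted in the post; the two lines before it are added so its ordinal is not 1.
CLASSIFICATION_CONFIG = """\
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: unknown,Unknown Traffic,3
config classification: attempted-recon,Attempted Information Leak,2
"""

UNIFIED2_IDS_EVENT = 7                                  # Unified2IDSEvent_legacy
RECORD_HEADER = struct.Struct("!II")                    # type, length (network order)
IDS_EVENT = struct.Struct("!" + "I" * 11 + "HH" + "BBBB")  # 52-byte legacy event body
IDS_EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)


def parse_classification_config(text):
    """Map classification ordinal -> (short name, description, priority).

    Assumption: entries are numbered 1, 2, 3, ... in file order, which is how
    Snort-family tools derive the classification_id written into unified2.
    """
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("config classification:"):
            continue
        body = line.split(":", 1)[1]
        name, desc, prio = (f.strip() for f in body.split(","))
        table[len(table) + 1] = (name, desc, int(prio))
    return table


def build_ids_event(signature_id, classification_id, priority_id):
    """Serialize one unified2 IDS event record (constructed test data)."""
    body = IDS_EVENT.pack(
        1, 1, 1274830680, 0,            # sensor, event id, time (2010-05-25), usec
        signature_id, 1, 1,             # sid, gid, rev
        classification_id, priority_id,
        0x0A000001, 0x0A000002,         # 10.0.0.1 -> 10.0.0.2
        45000, 80, 6, 0, 0, 0,          # sport, dport, TCP, impact/blocked unused
    )
    return RECORD_HEADER.pack(UNIFIED2_IDS_EVENT, len(body)) + body


def read_unified2(data):
    """Yield (record_type, fields) per record; other record types are skipped by length."""
    offset = 0
    while offset + RECORD_HEADER.size <= len(data):
        rtype, rlen = RECORD_HEADER.unpack_from(data, offset)
        offset += RECORD_HEADER.size
        payload = data[offset:offset + rlen]
        if len(payload) != rlen:
            raise ValueError("truncated unified2 record at offset %d" % offset)
        offset += rlen
        if rtype == UNIFIED2_IDS_EVENT and rlen == IDS_EVENT.size:
            yield rtype, dict(zip(IDS_EVENT_FIELDS, IDS_EVENT.unpack(payload)))
        else:
            yield rtype, None


def describe_event(fields, classes):
    """Render the classification/priority part in the shape of the quoted alert line."""
    entry = classes.get(fields["classification_id"])
    if entry is None:
        # A classification_id that matches no classification.config entry prints as (null).
        cls = "[Classification ID: (null)]"
    else:
        cls = "[Classification: %s]" % entry[1]
    return "%s [Priority ID: %d]" % (cls, fields["priority_id"])


def summarize(data, classes):
    return [describe_event(f, classes) for _, f in read_unified2(data) if f is not None]


if __name__ == "__main__":
    classes = parse_classification_config(CLASSIFICATION_CONFIG)
    sample = (build_ids_event(1000001, 3, 2)     # constructed sid; class 3 = attempted-recon
              + build_ids_event(1000001, 0, 3))  # constructed sid; class 0 matches nothing
    for line in summarize(sample, classes):
        print(line)
```

Run it against a real file by replacing `sample` with the bytes of a unified2.alert.* file: if the classification_id in the raw record is 0 or larger than the number of entries in classification.config, the (null) comes from the writer; if it is a valid ordinal, the lookup on the barnyard2 side is what to inspect.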