[Discussion] Problem with output of unified2 for barnyard2

Miler Alberto Garcia Villanueva phl4kx at gmail.com
Tue May 25 18:38:00 EDT 2010

Additional information:

config classification: attempted-recon,Attempted Information Leak,2

config reference_file:      /usr/local/etc/suricata/reference.config
config classification_file: /usr/local/etc/suricata/classification.config
config gen_file:            /usr/local/etc/suricata/gen-msg.map
config sid_file:            /usr/local/etc/suricata/sid-msg.map

All the paths are correct.

Run Barnyard2
barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/suricata -f

   ______   -*> Barnyard2 <*-
  / ,,_  \  Version 2.1.9-beta1 (Build 251)

2010/5/25 Miler Alberto Garcia Villanueva <phl4kx at gmail.com>:
> Hi all, recently I have a problem with the output of unified2 when
> barnyard2 reads the unified2.alert.* files. The problem is that
> barnyard2 can read the unified2.alert.* files of the Suricata log but
> can't identify the classification; the alert output looks like
> this in barnyard:
> <bridge0> ET SCAN NMAP -sS window 4096  [**] [Classification ID:
> (null)] [Priority ID: 3]
> Classification ID: null and priority 3.
> The alert and fast.log output of Suricata identify the
> classification correctly.
> I contacted the developers of barnyard2 and they told me that it may be a
> problem with the log (unified2.alert.* files) generated by Suricata.
> Thanks a lot
> Miler
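The symptom in this thread is a consumer (barnyard2) that reads the unified2 records fine but prints "(null)" for the classification. The following is an added example, not code from the thread, from barnyard2 or from Suricata: it decodes the legacy unified2 IDS event record (type 7, fixed big-endian layout), parses the `config classification:` lines of a classification.config, and resolves the record's `classification_id` the way a barnyard2-style reader does. It assumes that classification ids are numbered by 1-based order of appearance in classification.config (the Snort-family convention; stated here as an assumption), and the two event records it decodes are constructed inline, one with a resolvable id and one with id 0, which is what produces the "(null)" rendering.

```python
"""Decode unified2 IDS event records and resolve classification_id against
a classification.config.  Added example; the sample records are constructed
and the id-numbering rule is an assumption noted below."""
import struct
from typing import Dict, Iterator, List, Optional, Tuple

UNIFIED2_IDS_EVENT = 7          # record type of the legacy IDS event

# Body of the legacy IDS event: eleven u32, two u16, four u8, network order.
IDS_EVENT_STRUCT = struct.Struct(">IIIIIIIIIIIHHBBBB")   # 52 bytes
IDS_EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)

# Constructed sample of the classification.config format quoted in the thread.
SAMPLE_CLASSIFICATION_CONFIG = """\
# comment lines and blank lines are ignored
config classification: attempted-recon,Attempted Information Leak,2
config classification: not-suspicious,Not Suspicious Traffic,3
"""


def parse_classification_config(text: str) -> Dict[int, Tuple[str, str, int]]:
    """Map id -> (short name, description, priority).
    Assumption: ids are assigned by 1-based order of the config lines."""
    table: Dict[int, Tuple[str, str, int]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("config classification:"):
            continue
        body = line[len("config classification:"):].strip()
        short, desc, prio = (part.strip() for part in body.split(",", 2))
        table[len(table) + 1] = (short, desc, int(prio))
    return table


def build_ids_event(classification_id: int, priority_id: int) -> bytes:
    """Construct one type-7 record (8-byte header + 52-byte body)."""
    body = IDS_EVENT_STRUCT.pack(
        1, 42, 1274826000, 0,        # sensor, event id, seconds, usec
        2000537, 1, 3,               # sid, gid, rev
        classification_id, priority_id,
        0x0A000001, 0x0A000002,      # 10.0.0.1 -> 10.0.0.2 (constructed)
        40000, 22, 6,                # sport, dport, TCP
        0, 0, 0,
    )
    return struct.pack(">II", UNIFIED2_IDS_EVENT, len(body)) + body


def iter_unified2_records(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk records: each is a (type, length) u32 pair followed by `length` bytes."""
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from(">II", data, off)
        off += 8
        body = data[off:off + rlen]
        if len(body) < rlen:
            raise ValueError("truncated unified2 record")
        yield rtype, body
        off += rlen


def decode_ids_event(body: bytes) -> Dict[str, int]:
    if len(body) < IDS_EVENT_STRUCT.size:
        raise ValueError("IDS event body too short")
    return dict(zip(IDS_EVENT_FIELDS, IDS_EVENT_STRUCT.unpack_from(body, 0)))


def format_alert(ev: Dict[str, int], table: Dict[int, Tuple[str, str, int]]) -> str:
    """Render like a barnyard2 fast-style line; an unknown id prints as (null)."""
    entry: Optional[Tuple[str, str, int]] = table.get(ev["classification_id"])
    cls_text = entry[1] if entry else "(null)"
    return (f"[{ev['generator_id']}:{ev['signature_id']}:{ev['signature_revision']}] "
            f"[Classification: {cls_text}] [Priority: {ev['priority_id']}]")


def decode_sample() -> List[str]:
    """Decode a constructed two-record file: id 1 resolves, id 0 does not."""
    table = parse_classification_config(SAMPLE_CLASSIFICATION_CONFIG)
    data = build_ids_event(1, 2) + build_ids_event(0, 3)
    return [format_alert(decode_ids_event(body), table)
            for rtype, body in iter_unified2_records(data)
            if rtype == UNIFIED2_IDS_EVENT]


if __name__ == "__main__":
    for line in decode_sample():
        print(line)
```

Running this prints one line whose classification resolves to "Attempted Information Leak" and one that prints "(null)"; checking which `classification_id` value a record actually carries, against the ids the reader assigns from its own classification.config, is the first thing to verify when a consumer shows "(null)" while the producer's own fast.log is correct.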
