| Main Archive Page > Month Archives > snort-users archives |
Re: [Snort-users] How Can I display the rule name instead of the ID with ACID?
From: Nigel Houghton <nigel_at_nospam>Date: Tue May 13 2008 - 12:01:42 GMT
To: Berta Alcala <berta83@gmail.com>
On 5/13/08 5:11 AM, "Berta Alcala" <berta83@gmail.com> wrote:
> Thank you very much for your reply.
> As Matt says, what I really want is, how to display the signature description
> on "sig_name" field instead of the signature ID.
> I don't use barnyard, nor BASE. So the first thing I'm going to do is
> installing Base. Do I need to use barnyard?
>
> Regards,
> Berta
>
> 2008/5/12 Joel Esler <joel.esler@mac.com>:
>> So, if by displaying just the sig-id in the signature field, instead
>> of the name of the signature, this leads me to believe that you are
>> using barnyard to read unified files and output their contents into
>> the db.
>>
>> What the problem is, is not a problem with base, acid, or even Snort.
>> It's a misconfiguration in Barnyard. You don't have your barnyard
>> reading your correct sid-msg.map file.
Make sure you have a correctly generated sid-msg.map and that it is readable by the database user. If you use oinkmaster there is a script in the contrib section that will build it for you. -- Nigel Houghton Resident Hooligan SF VRT ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users