prof-ninjason
commented
8 years ago This is plainly read through gen-msg.map as is. If I want parenthesis around the (snort_decoder), I can edit them with a sed command line.
Closed prof-ninjason closed 8 years ago
prof-ninjason
commented
8 years ago This is plainly read through gen-msg.map as is. If I want parenthesis around the (snort_decoder), I can edit them with a sed command line.
For those who are gathering stats might be wrong if they switched from snort's alerts to barnyard2's alerts
From ($preproc) to $preproc:
[Previous] (snort_decoder) WARNING: IPV6 ISATAP spoof [] [Current] snort_decoder: WARNING: IPV6 ISATAP spoof []
For example counting in mysql: 17 | (snort_decoder) WARNING: IPV6 ISATAP spoof [] 48 | snort_decoder: WARNING: IPV6 ISATAP spoof []