Hi, is there any configuration option/s for Barnyard2 that I can use to write to a db table the "msg" field defined for a rule when it triggers? Currently I am only able to save the Signature name text defined in the sid-msg.map and to write the alert text to a file. I know it would be possible to write the fields I want from the file to a db with a script, but it would be lovely to have it done by default by barnyard. Any ideas?
P.S.: my current configuration to save data to db is:
output database: log, mysql, user=user password=password dbname=dbname host=host
And the alert msg content is different from the text defined for the signature of that alert sid (which I wrote in the sid-msg.map file):
100000222 || Fake sid text I just made up
alert any $FAKENET1 any -> $FAKENET2 FAKEPORT (msg:"THE MESSAGE I WANT TO BE IN DB TOO"; sid:100000222);
Thanks in advance.
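
The script route mentioned in the post, as an added example that is not part of the original post and is not Barnyard2 code: it parses alert lines from the file and stores the text that appears there together with gid/sid/rev. It assumes the file uses the alert_fast line layout; the table name `alert_msg`, the sample lines and the use of SQLite in place of MySQL are assumptions made so it runs offline.

```python
import re
import sqlite3

# Assumed alert_fast layout:
#   timestamp [**] [gid:sid:rev] msg [**] [...] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:.*?\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+))?"
)

# Constructed sample input (not real traffic); the second line is deliberately junk.
SAMPLE = [
    "08/28-12:34:56.789012  [**] [1:100000222:1] THE MESSAGE I WANT TO BE IN DB TOO "
    "[**] [Priority: 0] {TCP} 10.0.0.5:40000 -> 10.0.1.9:80",
    "this line is not an alert",
    "08/28-12:35:01.000001  [**] [1:100000222:1] THE MESSAGE I WANT TO BE IN DB TOO "
    "[**] [Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.6:5353 -> 10.0.1.9:53",
]

def parse_alert(line):
    """Return the alert fields as a dict, or None for lines that do not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev"):
        rec[key] = int(rec[key])
    return rec

def load_alerts(conn, lines):
    """Insert every parsable alert line into alert_msg; return the number stored."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS alert_msg (ts TEXT, gid INTEGER, sid INTEGER, "
        "rev INTEGER, msg TEXT, proto TEXT, src TEXT, dst TEXT)"
    )
    rows = [r for r in map(parse_alert, lines) if r]
    # Bound parameters: text taken from the alert file never becomes part of the SQL.
    conn.executemany(
        "INSERT INTO alert_msg VALUES (:ts, :gid, :sid, :rev, :msg, :proto, :src, :dst)",
        rows,
    )
    conn.commit()
    return len(rows)

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")  # stand-in for the MySQL database in the post
    print(load_alerts(db, SAMPLE), "alerts stored")
    for row in db.execute("SELECT sid, msg, src, dst FROM alert_msg"):
        print(row)
```
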