Snort mailing list archives
RE: output options in barnyard
From: "Chris Eidem" <ceidem () Dexma com>
Date: Wed, 31 Jul 2002 16:34:33 -0500
Chris Eidem wrote:I'm all confused, in barnyard.conf, alert_fast and log_pcap take an filename as an argument, but docs/USAGE states they do not. I'm assuming that they don't since barnyard complains mightilyif they'rethere. Ok, so I don't add a file name, but then, what iswritten where?I've looked in ./, /var/log, /var/log/snort, but no joy.The conf file is correct in this case. What error is it giving when you specify a filename?
andrew, here's the output from reload of the .conf file (shown bottom): root@cubanelle /usr/local/snort-beta$ kill -HUP 27669 AcidDbOpStop Reloading configuration Loading Data Processors... dp_alert loaded dp_log loaded root@cubanelle /usr/local/snort-beta$ dp_stream_stat loaded Loading Built-in Output Plugins... Fast Alert plugin initialized AlertSyslog initialized Log Dump plugin initialized LogPcap initialized AcidDb output plugin initialized AlertCSV initialized Parsing Config file: by-xl1.conf WARNING by-xl1.conf(8) => Unknown output plugin "alert_fast alert-xl1" referenced, ignoring!Args: mysql, sensor_id 1, database stest, server localhost, user snort, detail full, password snort WARNING ./classification.config(95): Duplicate classification "not-suspicious"found, ignoring this line ... [similar './classification.config(X):' warnings deleted for brevity ] ... Barnyard Version 0.1.0-rc2 (Build 11) started AcidDbOpStart OpAcidDB configuration details Database Flavour: mysql Detail Level: Full Database Server: localhost Database User: snort SensorID: 1 AcidDbOpStart Complete barnyard.conf ------------ config hostname: cubanelle config localtime config interface: xl1 config filter: not port 22 processor dp_alert processor dp_log processor dp_stream_stat output alert_fast alert-xl1 output log_pcap # output alert_acid_db: mysql, sensor_id 1, database stest, server localhost, user snort, password snort output log_acid_db: mysql, sensor_id 1, database stest, server localhost, user snort, detail full, password xxxxxxxxx thanks for your help, - chris ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- output options in barnyard Chris Eidem (Jul 31)
- Re: output options in barnyard Andrew R. Baker (Jul 31)
- <Possible follow-ups>
- RE: output options in barnyard Chris Eidem (Jul 31)
- RE: output options in barnyard Steve Halligan (Jul 31)
- RE: output options in barnyard Steve Halligan (Jul 31)
- RE: output options in barnyard Chris Eidem (Aug 01)
- RE: output options in barnyard Virgil (Aug 05)