Snort mailing list archives
Re: barnyard (Payload)
From: Alwin Raymundo <alrayworld () yahoo com>
Date: Tue, 15 Oct 2002 06:05:34 -0700 (PDT)
Hi Bamm,

Thanks for your help. I have a few questions for you if you don't mind.

1. Where can I find this op_acid_db?

I followed what you have stated below. In snort.conf:

output log_unified: filename snort.log, limit 128

In my barnyard.conf:

config hostname: snorthost
config interface: fxp0
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
output alert_fast
output log_dump
output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user usnort, password loghog

When I ran BY I got these error messages:

-*> Barnyard! <*-
Version 0.1.0-rc3 (Build 11)
By Andrew R. Baker (andrewb () snort org) and Martin Roesch (roesch () sourcefire com, www.snort.org)
Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
AlertCSV initialized
Parsing Config file: /etc/snort/barnyard.conf
Args: mysql, sensor_id 1, database snort, server localhost, user usnort, password loghog
WARNING: absolute path in -f <filename> is overriding -d <spool_dir> setting.
WARNING: spool_dir set to "/var/log/snort"
Barnyard Version 0.1.0-rc3 (Build 11) started
ERROR => No input plugin found for magic: a1b2c3d4

What does "no input plugin found for magic: a1b2c3d4" mean? I searched for this in the previous usenet posts, but the advice was to upgrade the barnyard and the rules, and I think I have the new one. I'm new with barnyard.

Thanks in advance for your help.

--- Bamm Visscher <bamm () satx rr com> wrote:
I use a modified (different DB schema) op_acid_db and it inserts "payload" data. op_acid_db should also. Check to make sure you are using the log_unified output plugin (alert_unified doesn't log packet data). When you run BY, make sure it is reading the log_unified output (i.e. -f snort.log). IIRC, BY cannot read log_unified and alert_unified at the same time. Finally, in your barnyard.conf, make sure you use 'output log_acid_db' (vice 'output alert_acid_db').

Bammkkkk

On Tue, 2002-10-01 at 07:31, Ron Shuck wrote:

Hey Alwin, I found the same results. I haven't heard if there are plans to include this, or if it should work and we just missed something.

Ron Shuck, CISSP - Managing Consultant
Buchanan Associates - A Technology Company in the People Business
http://www.buchanan.com
http://www.isc2.org

---original message---
Date: Mon, 30 Sep 2002 11:36:39 -0700 (PDT)
From: Alwin Raymundo <alrayworld () yahoo com>
To: user snort <snort-users () lists sourceforge net>
Subject: [Snort-users] barnyard (Payload)

Hi Everybody, I don't know if this is already posted in a previous discussion; this morning I just set up the barnyard. I like it because it is fast to log all packets in my mysql and acid, but I notice there is no payload. Is this normal? Is there another way to get the payload? Any help would be appreciated. Thanks in advance.
=====
Alwin Raymundo

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
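The error above names the first four bytes of the file Barnyard was handed: 0xa1b2c3d4 is the libpcap/tcpdump savefile magic, so the file it opened was a packet capture (the kind the log_tcpdump plugin writes), not log_unified output. The following script is an added example, not part of this thread or of the Barnyard project: it reads the magic of each spool file and says which Snort output plugin could have written it, so a mismatch between snort.conf and the -f argument is caught before Barnyard aborts. The pcap magic is certain; the two unified-format magics are my recollection of spo_unified.h and are an assumption to verify against the Snort source you run. Sample file headers are constructed inline so the script runs offline.

```python
"""Classify Snort spool files by their magic number before feeding them to Barnyard."""
import struct
import sys
import tempfile
from pathlib import Path

# libpcap/tcpdump savefile magic: the value Barnyard printed in the error above.
PCAP_MAGIC = 0xA1B2C3D4
# Snort unified-format magics as I recall them from spo_unified.h.
# ASSUMPTION: check these two against the Snort source you actually run.
UNIFIED_ALERT_MAGIC = 0xDEAD4137
UNIFIED_LOG_MAGIC = 0xDEAD1337

KINDS = {
    PCAP_MAGIC: "pcap",
    UNIFIED_LOG_MAGIC: "unified-log",
    UNIFIED_ALERT_MAGIC: "unified-alert",
}


def classify_header(header):
    """Return 'pcap', 'unified-log', 'unified-alert', 'unknown' or 'empty'.

    The writers store the magic in host byte order, so a file produced on a
    little-endian sensor reads swapped elsewhere; both orders are tried.
    """
    if len(header) < 4:
        return "empty"
    little = struct.unpack("<I", header[:4])[0]
    big = struct.unpack(">I", header[:4])[0]
    for magic in (little, big):
        if magic in KINDS:
            return KINDS[magic]
    return "unknown"


def advice(kind):
    """Map a file kind to the corrective step, following the advice in the thread."""
    if kind == "pcap":
        return ("tcpdump-format capture: Barnyard's unified input cannot read it. "
                "Point -f at the log_unified output and make sure snort.conf "
                "carries 'output log_unified', not log_tcpdump, for that file.")
    if kind == "unified-alert":
        return ("alert_unified file: carries no packet payload. Use log_unified "
                "together with 'output log_acid_db' to get payload into ACID.")
    if kind == "unified-log":
        return "log_unified file: the right input for 'output log_acid_db'."
    if kind == "empty":
        return "fewer than 4 bytes: nothing has been written to it yet."
    return "unrecognised magic: check which Snort output plugin wrote this file."


def inspect_spool(spool_dir, base="snort."):
    """Classify every file in spool_dir whose name starts with base."""
    results = {}
    for path in sorted(Path(spool_dir).glob(base + "*")):
        with open(path, "rb") as fh:
            kind = classify_header(fh.read(4))
        results[path.name] = (kind, advice(kind))
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: python3 spoolcheck.py /var/log/snort
        report = inspect_spool(sys.argv[1])
    else:
        # Constructed sample headers (timestamps are made up) for an offline demo.
        samples = {
            "snort.log.1034688000": struct.pack("<I", PCAP_MAGIC) + b"\x02\x00\x04\x00",
            "snort.log.1034688100": struct.pack("<I", UNIFIED_LOG_MAGIC) + b"\x00" * 4,
            "snort.alert.1034688100": struct.pack("<I", UNIFIED_ALERT_MAGIC),
        }
        with tempfile.TemporaryDirectory() as tmp:
            for name, hdr in samples.items():
                Path(tmp, name).write_bytes(hdr)
            report = inspect_spool(tmp)
    for name, (kind, hint) in report.items():
        print(f"{name}: {kind} -> {hint}")
```

Run it against the sensor's spool directory (the one Barnyard reports as spool_dir) and compare the result with the -f argument: Barnyard should only ever be pointed at a file this reports as unified-log when the goal is payload in ACID.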
Current thread:
- barnyard (Payload) Ron Shuck (Oct 01)
- Re: barnyard (Payload) Alwin Raymundo (Oct 01)
- Re: barnyard (Payload) Martin Roesch (Oct 01)
- Re: barnyard (Payload) Alwin Raymundo (Oct 15)
- Re: barnyard (Payload) Jens Krabbenhoeft (Oct 15)
- Re: barnyard (Payload) Martin Roesch (Oct 15)
- Re: barnyard (Payload) Alwin Raymundo (Oct 16)
- Re: barnyard (Payload) Jens Krabbenhoeft (Oct 16)
- Re: barnyard (Payload) Martin Roesch (Oct 16)
- Re: barnyard (Payload) Martin Roesch (Oct 01)
- Re: barnyard (Payload) Alwin Raymundo (Oct 01)
- Re: barnyard (Payload) Alwin Raymundo (Oct 15)
- Re: barnyard (Payload) Bamm Visscher (Oct 15)