Snort mailing list archives
Re: [Barnyard-users] Re: barnyard logging problems
From: "Andrew R. Baker" <andrewb () snort org>
Date: Fri, 26 Sep 2003 10:59:54 -0400
Bamm Visscher wrote:
Just to clarify, you can't have more than one instance of barnyard using the same sid (sensor id), reporting to the DB. You can, however, have many different barnyard procs using different sids reporting to the same DB. And I also just noticed that in the config files below, you ARE using different sids. (Note to self, don't reply to emails until AFTER the first cup of coffee.) Are you sure that none of your other sensors aren't using the sid '3'?
Actually, we cannot be sure that they are both using different sensor_ids. Config #1 is using sensor_id #4; config #2 is querying the database for the sensor id based on the tuple of hostname, interface, and filter.
Barnyard conf no 1:
-------------------
snortdmz# more barnyard.conf.alert
#config daemon
config localtime
config hostname: snort.dmz
config interface: fxp0
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
output alert_fast
output log_dump
#output alert_syslog
#output log_pcap
output alert_acid_db: mysql, sensor_id 4, database snort_log, server 127.0.0.1, user snort, password *****
#output log_acid_db: mysql, database snort_log, server 127.0.0.1, user snort,password *****, detail full

Barnyard conf no 2:
-------------------
snortdmz# more barnyard.conf.log
#config daemon
config localtime
config hostname: snort.dmz
config interface: fxp0
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
#output alert_fast
#output log_dump
#output alert_syslog
#output log_pcap
#output alert_acid_db: mysql, sensor_id 3, database snort_log, server 127.0.0.1, user snort, password *****
output log_acid_db: mysql, database snort_log, server 127.0.0.1, user snort,password *****, detail full
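
Added example, not part of the original message and not Barnyard code: a Python check that parses configs like the two quoted above and flags ACID database outputs whose sensor ID is either duplicated or left for the database to resolve from the hostname, interface and filter tuple. The function names and finding labels are hypothetical, and the sample configs are constructed from the ones in the thread.

```python
import re

# Constructed inputs modelled on the two configs quoted above (most comment lines omitted).
CONF_ALERT = """config hostname: snort.dmz
config interface: fxp0
config filter: not port 22
output alert_acid_db: mysql, sensor_id 4, database snort_log, server 127.0.0.1, user snort, password *****
"""
CONF_LOG = """config hostname: snort.dmz
config interface: fxp0
config filter: not port 22
#output alert_acid_db: mysql, sensor_id 3, database snort_log, server 127.0.0.1, user snort, password *****
output log_acid_db: mysql, database snort_log, server 127.0.0.1, user snort,password *****, detail full
"""

def parse_conf(text):
    """Return ((hostname, interface, filter), [((server, database), sensor_id or None), ...])."""
    cfg, outputs = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue  # commented-out directives have no effect
        m = re.match(r"config\s+(\w+):\s*(.*)", line)
        if m:
            cfg[m.group(1)] = m.group(2)
            continue
        m = re.match(r"output\s+\w+_acid_db:\s*(.*)", line)
        if m:
            args = dict(a.strip().split(None, 1) for a in m.group(1).split(",") if len(a.split()) > 1)
            sid = args.get("sensor_id")
            outputs.append(((args.get("server"), args.get("database")), int(sid) if sid else None))
    return (cfg.get("hostname"), cfg.get("interface"), cfg.get("filter")), outputs

def audit(confs):
    """Flag duplicate explicit sensor_ids and ids left for the database to resolve."""
    findings, seen = [], {}  # seen: (db, sensor_id) -> config name
    parsed = {name: parse_conf(text) for name, text in confs.items()}
    for name, (key, outputs) in parsed.items():
        for db, sid in outputs:
            if sid is None:
                # The id is looked up in the database by the tuple, so the files alone cannot show it.
                peers = sorted(n for n, (k, outs) in parsed.items()
                               if n != name and k == key and any(d == db for d, _ in outs))
                findings.append(("unresolved", name, key, peers))
            elif (db, sid) in seen:
                findings.append(("duplicate", name, seen[(db, sid)], sid))
            else:
                seen[(db, sid)] = name
    return findings
```

An "unresolved" finding lists the other configs that share the same tuple and database; those are the ones whose explicit sensor_id should be compared against what the database returns for that tuple.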