Snort mailing list archives

logging to MySql....stumped


From: "Scott Renna" <srenna () d-a-s com>
Date: Mon, 21 Jul 2003 15:16:28 -0400

Hello,

Now that I've gotten some help in editing configure.in in Barnyard to
work with MySQL Server 4.0, it's up and running and seems to be doing
its job.  It's no longer producing any errors; however, it doesn't look
like it's actually logging to ACID.  I've run a few port scans and Snort
is picking up the scans and creating alert and log files.  ACID is not
displaying the result, however.  Here's my command line and data when
running barnyard:

barnyard -c /usr/local/etc/barnyard.conf \
    -f /var/log/snort/snort.log \
    -s /usr/local/etc/snort/sid-msg.map \
    -g /usr/local/etc/snort/gen-msg.map \
    -w /var/log/snort/waldo.log \
    -L /var/log/snort/barnyard/barnyard.log &

-*> Barnyard! <*-
Version 0.1.0 (Build 17)
By Andrew R. Baker (andrewb () snort org)
and Martin Roesch (roesch () sourcefire com, www.snort.org)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
AlertCSV initialized
Parsing Config file: /usr/local/etc/barnyard.conf
Args: mysql, sensor_id 1, database snort, server localhost, user root,
password XXXXXXX
Args: mysql, database snort, server localhost, user root, password
XXXXXX, detail full
Barnyard Version 0.1.0 (Build 17) started
AcidDbOpStart
OpAcidDB configuration details
Database Flavour: mysql
Detail Level: Fast
Database Server: localhost
Database User: root
SensorID: 1
AcidDbOpStart Complete

Yes, I know running the database user as root is bad... it will change,
but I really want to get this working.  Anyone else out there have
anything to offer on this problem?
Does ACID post it right away or will it take some time after the scan?



***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

*************************** 


