Snort mailing list archives
ACID not displaying data from Barnyard
From: "Francis A. Vidal" <francisv-sender-58ad63 () irc dagupan com>
Date: Fri, 8 Aug 2003 10:28:37 +0800
Hi all,

I have Snort 2.0.1 running with Barnyard 0.1.0 logging it to a MySQL (3.23.51) DB. I can confirm that Barnyard is successfully logging data by inspecting the event table:

mysql> select count(*) from event;
+----------+
| count(*) |
+----------+
|     8691 |
+----------+
1 row in set (0.01 sec)

However, when I open up ACID (I have two versions running in parallel, v0.9.6b24 and v0.9.6b23), I couldn't see anything! Here's some sample data from the event table:

sid  cid  signature  timestamp
1    1    3          2003-08-08 00:22:00
1    2    3          2003-08-08 00:22:01
1    3    3          2003-08-08 00:22:22

I'm running Snort and Barnyard using these command lines:

snort -dDo -i xl0 -l /var/log/snort -c /usr/local/etc/snort.conf

barnyard -D -c /usr/local/etc/barnyard.conf \
    -s /usr/local/share/snort/sid-msg.map \
    -g /usr/local/share/snort/gen-msg.map \
    -w /usr/local/var/barnyard/checkpoint \
    -d /var/log/snort \
    -f snort.log

Snort is logging using these output plugins:

output log_tcpdump: tcpdump.log
output alert_unified: filename snort.alert, limit 50
output log_unified: filename snort.log, limit 50

Barnyard is configured to write to the MySQL DB using this:

output log_acid_db: mysql, sensor_id 1, database dbname, server localhost, user dbuser, password dbpasswd, detail full

The files inside /var/log/snort:

alert
scan.log
snort.alert.1060302116
snort.log.1060302116
tcpdump.log.1060302116

---
francis a. vidal [bitstop network services] | http://www.bnshosting.net
streaming media + web hosting | http://www.bitstop.ph
v(02)330-2871,(02)330-2872; f(02)330-2873 | http://www.kuro.ph