Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Barnyard snorts, but no Alerts cached

From: "Andrew R. Baker" <andrewb () snort org>
Date: Sat, 03 Apr 2004 18:40:11 -0500
Michael Miller wrote:

I had everything up and running smoothly but ran into a snag when trying
to configure barnyard for a second sensor. Left with a database that had
an extra 500,000 events I couldn’t see, I dropped and recreated the
database with the scripts from the controb folder in snort 2.1.0.



Now barnyard sees new logs, says it imports them, and ACID’s Total
Events log climbs, but when I press Update Alert Cache, no alerts get
added to the cache.


What is the configuration line you are using for Barnyard?  If you have
specified the sensor_id option, did you create an entry in the sensor
table for it?

-A



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: