Snort mailing list archives
Re: RE: Barnyard not inserting on ACID tables in MySQL, just regular
From: Pedro Fortuna <pedro.fortuna () gmail com>
Date: Thu, 2 Sep 2004 10:00:21 +0100
Hello again Dirk,

You're right! I configured barnyard with the blank db, removed the "sensor_id" keyword, restarted barnyard, loaded the ACID page, and there they were, all the alerts I've had since I configured snort with the unified output module.

Mmm... another thing... Currently I'm using this command to start barnyard:

    $BARNYARD_PATH/barnyard -D -w barn.waldo -c /etc/snort/barnyard.conf -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -f snort.log

To get things well done, I guess I could add a couple of switches. Do you recommend adding -n and -a? I don't want barnyard duplicating database entries between restarts... how exactly does barnyard handle this?

Thanks for your prompt and wise answers :)

Pedro Fortuna

On Thu, 02 Sep 2004 09:55:50 +0200, Dirk Geschke <dirk_geschke () genua de> wrote:
> Hi Pedro,
>
> > I've just taken a peek at my two "blank" snort databases that I attempted to get working with barnyard, and this is strange... but the sensor table is completely empty in both... so, there couldn't be a last_cid field... this means that barnyard fails to create new sensor entries... anyway, it seems there's a bug lying here in barnyard...
>
> I think there is a problem with the sensor_id keyword in barnyard. If this is set then barnyard tries to get the information for this sensor from the database. But if this sensor does not exist then he will stop working instead of inserting it. If you use "sensor_id" then remove this entry from the output log_acid_db line and try it again...
>
> Best regards
>
> Dirk