Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Barnyard part 2

From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Thu, 29 Jul 2004 08:46:17 -0400
I see that my Snort -> mysql used the "log" facility.  Is there a
similar command in barnyard, or do I have to change my rules from alert
to log?
 
J
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Esler,
Joel - Contractor
Sent: Thursday, July 29, 2004 8:40 AM
To: snort-users () lists sourceforge net; Maetzky, Steffen (Extern)
Subject: [Snort-users] Barnyard part 2


Okay, Now, previous setup was Snort logging directly to mysql.  Now it
is logging to unified, Barnyard is now processing the mysql entries,
however, it is not inputting the packet data into ACID.  Where did the
packet data go?
 
J
 
(barnyard.conf)
 
output alert_acid_db: mysql, sensor_id 7, database snort, server
127.0.0.1, user snort
output log_acid_db: mysql, database snort, server 127.0.0.1, user snort,
detail full
 
Do i need to comment out alert_acid_db, and make it just "log_acid_db?
Previous By Date Next
Previous By Thread Next

Current thread: