Snort mailing list archives
RE: Barnyard part 2
From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Thu, 29 Jul 2004 08:46:17 -0400
I see that my Snort -> mysql used the "log" facility. Is there a similar command in barnyard, or do I have to change my rules from alert to log?

J

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Esler, Joel - Contractor
Sent: Thursday, July 29, 2004 8:40 AM
To: snort-users () lists sourceforge net; Maetzky, Steffen (Extern)
Subject: [Snort-users] Barnyard part 2

Okay,

Now, previous setup was Snort logging directly to mysql. Now it is logging to unified, Barnyard is now processing the mysql entries, however, it is not inputting the packet data into ACID. Where did the packet data go?

J

(barnyard.conf)
output alert_acid_db: mysql, sensor_id 7, database snort, server 127.0.0.1, user snort
output log_acid_db: mysql, database snort, server 127.0.0.1, user snort, detail full

Do I need to comment out alert_acid_db, and make it just "log_acid_db"?