Snort mailing list archives
Barnyard not logging alert classification
From: "Francis A. Vidal" <francisv () dagupan com>
Date: Tue, 17 Aug 2004 15:51:18 +0800
Hi,

It appears that barnyard is not logging the alert classification. All I can see from ACID are "unclassified" alerts. I'm running snort 2.2.0 and barnyard 0.1.0.

Here's my barnyard.conf file:

    config daemon
    config interface: bridge0
    config filter: not port 22
    processor dp_alert
    processor dp_log
    processor dp_stream_stat
    output log_acid_db: mysql, sensor_id 1, database snort, server <server_ip>, user snort, password <password>, detail full

And here's the entry in /var/log/messages when barnyard starts:

    Aug 17 15:49:33 ids barnyard: AcidDbOpStop
    Aug 17 15:49:38 ids barnyard: Args: mysql, sensor_id 1, database snort, serve
    Aug 17 15:49:38 ids barnyard: Initializing daemon mode
    Aug 17 15:49:39 ids barnyard: Barnyard Version 0.1.0 (Build 17) started
    Aug 17 15:49:39 ids barnyard: AcidDbOpStart
    Aug 17 15:49:39 ids barnyard: OpAcidDB configuration details
    Aug 17 15:49:39 ids barnyard:   Database Flavour: mysql
    Aug 17 15:49:39 ids barnyard:   Detail Level: Full
    Aug 17 15:49:39 ids barnyard:   Database Server: 202.91.161.144
    Aug 17 15:49:39 ids barnyard:   Database User: snort
    Aug 17 15:49:39 ids barnyard:   SensorID: 1
    Aug 17 15:49:39 ids barnyard: AcidDbOpStart Complete

/Francis
Current thread:
- Barnyard not logging alert classification Francis A. Vidal (Aug 17)
- Re: Barnyard not logging alert classification Martin Roesch (Aug 17)