Snort mailing list archives

Re: barnyard: alert_syslog2 not working


From: "Andrew R. Baker" <andrewb () snort org>
Date: Tue, 12 Oct 2004 11:51:25 -0400

Botwick, Jason (Genworth, Contractor) wrote:
Here is my barnyard.conf file
config hostname: x.x.x.x
config interface: x
output alert_syslog2: severity: NOTICE; facility: LOCAL1;
#output alert_syslog: LOG_LOCAL2 LOG_ALERT LOG_NDELAY

Here are the lines I added to the syslog.conf file:
local1.*    /var/log/barnyard.log
local2.*    /var/log/barnyard2.log

I SIGHUP'd both syslogd and barnyard. I even tried rebooting once, but running the command:
barnyard -o snort.eth1.alert.1097060734 -c /etc/snort/barnyard.conf
produces no output in /var/log/barnyard.log

I have Snort configured to output in unified format. I know that this is
working because I can get Barnyard to log to a database, and also the
alert_syslog plugin works fine (using the commented directive above).
Any ideas why the old syslog plugin works, but the new one doesn't? What am
I forgetting?

The new syslog2 output plug-in uses UDP sockets to send syslog events to the remote server. This was done to allow it to be used on systems without a local syslog daemon. The most likely scenario is that your local syslog daemon is not accepting syslog messages over UDP. In order to use the syslog2 output plug-in you will need to enable this support.

-A

P.S. Barnyard related questions will get my attention much more quickly on the Barnyard mailing lists at SourceForge.
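
An added example, not part of the original message or of Barnyard: one way to check whether a syslog daemon accepts UDP datagrams, by sending a test message with the same facility and severity as the alert_syslog2 line above (LOCAL1/NOTICE). The target 127.0.0.1:514, the host name "sensor" and the tag "syslog2-test" are assumptions.

```python
import socket
import time

# Standard syslog facility and severity codes (RFC 3164).
FACILITY = {"LOCAL1": 17, "LOCAL2": 18}
SEVERITY = {"ALERT": 1, "NOTICE": 5}

def pri(facility, severity):
    """PRI value that prefixes every syslog datagram: facility * 8 + severity."""
    return FACILITY[facility] * 8 + SEVERITY[severity]

def build_message(facility, severity, tag, text, host="sensor"):
    """Build an RFC 3164 style datagram; host and tag are constructed sample values."""
    t = time.localtime()
    # RFC 3164 pads the day of month with a space, not a zero.
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{pri(facility, severity)}>{stamp} {host} {tag}: {text}".encode()

def send_test(addr, facility="LOCAL1", severity="NOTICE", timeout=1.0):
    """Send one test datagram to addr and report whether the port refused it.

    UDP is connectionless, so a missing listener only shows up as an ICMP
    port-unreachable, which a connected socket surfaces as ConnectionRefusedError.
    Returns True if no refusal was seen, False if nothing is listening.
    """
    msg = build_message(facility, severity, "syslog2-test", "UDP delivery check")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect(addr)
        try:
            s.send(msg)
            s.recv(1)  # a syslog daemon never replies, so a timeout is the normal case
        except ConnectionRefusedError:
            return False
        except socket.timeout:
            return True
    return True

if __name__ == "__main__":
    # Assumed target: the local syslog daemon on the standard syslog UDP port.
    ok = send_test(("127.0.0.1", 514))
    print("UDP 514 accepted the datagram" if ok else "nothing listening on UDP 514")
```

A True result only means the port did not refuse the datagram; confirm delivery by looking for the "syslog2-test" line in /var/log/barnyard.log. With sysklogd's syslogd, UDP reception is enabled by starting the daemon with the -r option.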

