Snort mailing list archives
Re: problems with barnyard, snort and mysql
From: Kevin Smith <kjsmith () tm net>
Date: Fri, 11 Mar 2005 17:13:14 -0500
Hey Alejandro,

I used what you wrote to me and I am getting this for an error:

WARNING /usr/local/src/barnyard-0.2.0/etc/barnyard.conf(127) => Unknown output plugin "alert_acid_db" referenced, ignoring!
Fatal Error, Quitting..
Exiting

I guess my next question would be where do I define that output plug-in. Thanks for your reply.

Kevin

Alejandro Flores wrote:
> Hey,
>
> snort.conf:
> output log_unified: filename /var/log/snort/snort.log, limit 128
>
> barnyard.conf:
> output alert_acid_db: mysql, database DBNAME, server localhost, sensor_id 1, user DBUSER, password DBPASS
>
> Start Barnyard:
> barnyard -c /etc/barnyard.conf -d /var/log/snort -a /var/log/snort-archive -f snort.log -w /var/log/snort/waldo -s /etc/snort/sid-msg.map -g /etc/snort/gen-msg.map -p /etc/snort/classification.config -D
>
> Start Snort with no '-A' and '-b' options. (for example:)
> snort -C -d -c /etc/snort/snort.conf -i IF_YOURE_LISTENING_TO -D
>
> Ok, now just relax and wait.
> Next, install BASE to analyse data.
> http://secureideas.sourceforge.net/
>
> Have fun,
> Alejandro Flores
>
> > Hey everyone, I already posted this on the forums but I noticed that I was accepted into the mailing list so I will also write it here as well, never hurts to cover all of your bases ;D.
> >
> > I am configuring a server that is using snort to examine traffic that would normally be deleted. By that, I mean traffic whose IP does not resolve to a valid location. We are using this information to detect possible users with viruses on their machines.
> >
> > My question is what is a good configuration for Snort and Barnyard to work with MySQL. All the information I really need in the database is the source IP and port, destination IP and port, and the time that the packet was received. I am guessing that the '-A fast' option will take care of that part. So what should I have snort log to, what should barnyard pick up, and how do I export it to the database? I have tried a few different ways and I haven't had any luck.
> >
> > Thanks in advance for any solutions to my problem.
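Added example, not part of the original thread: once Barnyard is writing events to the database, the fields asked for in the original question (time, source IP and port, destination IP and port) can be read back with a join over the Snort schema's event, iphdr, tcphdr and udphdr tables. Assumptions: sqlite3 stands in for MySQL, the tables are a constructed subset of the schema, the sample rows are constructed, and `sensor_id 1` from the barnyard.conf line is taken to be the `sid` value.

```python
import ipaddress
import sqlite3

# Constructed subset of the Snort database schema (names follow Snort's
# create_mysql script); sqlite3 stands in for the MySQL server.
SCHEMA = """
CREATE TABLE event  (sid INT, cid INT, signature INT, timestamp TEXT);
CREATE TABLE iphdr  (sid INT, cid INT, ip_src INT, ip_dst INT, ip_proto INT);
CREATE TABLE tcphdr (sid INT, cid INT, tcp_sport INT, tcp_dport INT);
CREATE TABLE udphdr (sid INT, cid INT, udp_sport INT, udp_dport INT);
"""
# Addresses are stored as 32-bit integers in iphdr; ports sit in the
# per-protocol table, so both are LEFT JOINed and coalesced.
QUERY = """
SELECT e.timestamp, i.ip_src, COALESCE(t.tcp_sport, u.udp_sport),
       i.ip_dst, COALESCE(t.tcp_dport, u.udp_dport)
FROM event e
JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
LEFT JOIN tcphdr t ON t.sid = e.sid AND t.cid = e.cid
LEFT JOIN udphdr u ON u.sid = e.sid AND u.cid = e.cid
WHERE e.sid = ?
ORDER BY e.timestamp, e.cid
"""

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def load_sample(conn):
    # Three constructed events for sensor 1: one TCP, one UDP, one ICMP.
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO event VALUES (?,?,?,?)", [
        (1, 1, 10, "2005-03-11 17:00:01"), (1, 2, 11, "2005-03-11 17:00:02"),
        (1, 3, 12, "2005-03-11 17:00:03")])
    conn.executemany("INSERT INTO iphdr VALUES (?,?,?,?,?)", [
        (1, 1, ip_int("192.0.2.10"), ip_int("198.51.100.5"), 6),
        (1, 2, ip_int("192.0.2.11"), ip_int("198.51.100.6"), 17),
        (1, 3, ip_int("192.0.2.12"), ip_int("203.0.113.7"), 1)])
    conn.execute("INSERT INTO tcphdr VALUES (1, 1, 1025, 445)")
    conn.execute("INSERT INTO udphdr VALUES (1, 2, 1026, 1434)")

def flows(conn, sensor_id=1):
    """Return (time, src ip, src port, dst ip, dst port); ports are None for ICMP."""
    dotted = lambda n: str(ipaddress.IPv4Address(n))
    return [(ts, dotted(src), sport, dotted(dst), dport)
            for ts, src, sport, dst, dport in conn.execute(QUERY, (sensor_id,))]

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    load_sample(conn)
    print(flows(conn))
```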
Current thread:
- problems with barnyard, snort and mysql Kevin Smith (Mar 11)
- Re: problems with barnyard, snort and mysql Alejandro Flores (Mar 11)
- Re: problems with barnyard, snort and mysql Paul Schmehl (Mar 11)
- Re: problems with barnyard, snort and mysql Kevin Smith (Mar 11)
- Re: problems with barnyard, snort and mysql Alejandro Flores (Mar 11)
- Re: problems with barnyard, snort and mysql Kevin Smith (Mar 11)
- Re: problems with barnyard, snort and mysql Alejandro Flores (Mar 11)
- <Possible follow-ups>
- Re: problems with barnyard, snort and mysql Alejandro Flores (Mar 11)
- Re: problems with barnyard, snort and mysql Kevin Smith (Mar 12)
- Re: problems with barnyard, snort and mysql Alejandro Flores (Mar 13)
- Message not available
- Re: problems with barnyard, snort and mysql Kevin Smith (Mar 15)
- Re: problems with barnyard, snort and mysql Kevin Smith (Mar 12)