Snort mailing list archives
Re[2]: need help configuring snort + barnyard
From: Igor Belikov <ivb () is ua>
Date: Thu, 20 Oct 2005 10:18:03 +0300
Hello Chris,

Wednesday, October 19, 2005, 7:31:05 PM, you wrote:

CE> | I configured snort to write both alert and log files in unified
CE> | format. But I can't configure barnyard properly to store in DB
CE> | detailed info about alerts.
CE> |
CE> | Barnyard "watch" alert files and stores info about alerts, but I
CE> | need also store whole packets caused alert.

CE> It seems you don't need to have snort write both unified files. All the
CE> required info seems to be in the unified "log" file, so this is what you
CE> want barnyard to read. It's not at all clear to us what info is in the
CE> unified "alert" file that's not *also* in the unified "log" file. So we
CE> don't write a unified "alert" file at all.

It sounds good, but I still can't configure snort + barnyard.

Last configs:

- snort:
  output log_unified: filename snort.log, limit 128
- barnyard:
  output log_acid_db: mysql, sensor_id 1, database snort, server x.x.x.x, user xxxxx, password xxxxx, detail full

In the /log directory I see "snort.log.<timestamp>", "barnyard.waldo" (with a correct link to snort.log) and "alert" (with alerts produced by snort).

Watching the log files I see that barnyard works (the link in the waldo file follows the growing snort.log), but I don't get any new alerts in the DB.

Using the previous variant of the configs (using unified alert), barnyard put all alerts in the DB.

Please point out where I am making a mistake.

--
Best regards,
Igor mailto:ivb () is ua