Snort mailing list archives
Re: barnyard with syslog and mysql logging
From: "Bamm Visscher" <bamm.visscher () gmail com>
Date: Mon, 20 Aug 2007 21:04:55 -0600
You need to use unified alert to be able to use the syslog output plugins. You will also need to run two instances of barnyard if you want to use logging to mysql and syslog. One to monitor unified log files, the other to monitor unified alert files.

Bamm

On 8/20/07, fname lname <larskman () gmail com> wrote:
For some reason I can get barnyard to send logging to syslog/syslog2 but it is logging to mysql fine. Under my snort.conf I just enabled "output log_unified: filename snort.log, limit 128" but not "output alert_unified: filename snort.alert, limit 128". Do I need to uncomment "output alert_unified: filename snort.alert, limit 128" too? I start snort like this: "snort -c snort.conf -o -D -A none"

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
sguil - The Analyst Console for NSM
http://sguil.sf.net
Current thread:
- barnyard with syslog and mysql logging fname lname (Aug 20)
- Re: barnyard with syslog and mysql logging Bamm Visscher (Aug 20)
- Re: barnyard with syslog and mysql logging fname lname (Aug 21)
- Re: barnyard with syslog and mysql logging Bamm Visscher (Aug 21)
- Re: barnyard with syslog and mysql logging fname lname (Aug 21)
- Re: barnyard with syslog and mysql logging Bamm Visscher (Aug 20)