Snort mailing list archives
Re: barnyard regular restart required
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Wed, 11 Mar 2009 22:54:24 -0500
--On March 11, 2009 8:53:59 PM -0500 Ian Masters <ian () acces co jp> wrote:
Bamm Sorry for the delay replying.1) grep -v '^#' barnyard.conf | grep -v ^$config daemon config localtime config hostname: mail-op-snort config interface: eth0 config filter: not port 22 output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort, password xxxxxxxx output log_acid_db: mysql, database snort, server localhost, user snort, password xxxxxxxx, detail full2) Command line used to start barnyard/usr/local/bin/barnyard -c /etc/snort/barnyard.conf -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo -D
Sorry to interrupt, but I'm going to keep posting this in the hope that more will see it. If you read the source for barnyard, you can include the following in your barnyard.conf file and eliminate them from the command line used to start barnyard: config class-file: /etc/snort/classification.config config sid-msg-map: /etc/snort/sid-msg.map config gen-msg-map: /etc/snort/gen-msg.map In your case that would shorten the startup line as follows: /usr/local/bin/barnyard -c /etc/snort/barnyard.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo -D Paul Schmehl, If it isn't already obvious, my opinions are my own and not those of my employer. ****************************************** WARNING: Check the headers before replying ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: barnyard regular restart required, (continued)
- Re: barnyard regular restart required Paul Schmehl (Mar 09)
- Re: barnyard regular restart required Joel Esler (Mar 09)
- Re: barnyard regular restart required Matthew Babcock (Mar 09)
- Re: barnyard regular restart required CunningPike (Mar 10)
- Re: barnyard regular restart required Matthew Babcock (Mar 10)
- Re: barnyard regular restart required Ian Masters (Mar 11)
- Re: barnyard regular restart required Ian Masters (Mar 11)
- Re: barnyard regular restart required Paul Schmehl (Mar 11)
- Re: barnyard regular restart required Ian Masters (Mar 11)
- Re: barnyard regular restart required Paul Schmehl (Mar 11)
- Re: barnyard regular restart required Joel Esler (Mar 12)