Snort mailing list archives
Re: barnyard regular restart required
From: Joel Esler <eslerj () gmail com>
Date: Thu, 12 Mar 2009 09:24:59 -0400
Paul,

This goes for the config options for Snort too. I notice a lot of people try and stack them all on the command line as well.

J

On Wed, Mar 11, 2009 at 11:54 PM, Paul Schmehl <pschmehl_lists () tx rr com> wrote:

> --On March 11, 2009 8:53:59 PM -0500 Ian Masters <ian () acces co jp> wrote:
>
>> Bamm
>>
>> Sorry for the delay replying.
>>
>> 1) grep -v '^#' barnyard.conf | grep -v ^$
>>
>> config daemon
>> config localtime
>> config hostname: mail-op-snort
>> config interface: eth0
>> config filter: not port 22
>> output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort, password xxxxxxxx
>> output log_acid_db: mysql, database snort, server localhost, user snort, password xxxxxxxx, detail full
>>
>> 2) Command line used to start barnyard
>>
>> /usr/local/bin/barnyard -c /etc/snort/barnyard.conf -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo -D
>
> Sorry to interrupt, but I'm going to keep posting this in the hope that more will see it. If you read the source for barnyard, you can include the following in your barnyard.conf file and eliminate them from the command line used to start barnyard:
>
> config class-file: /etc/snort/classification.config
> config sid-msg-map: /etc/snort/sid-msg.map
> config gen-msg-map: /etc/snort/gen-msg.map
>
> In your case that would shorten the startup line as follows:
>
> /usr/local/bin/barnyard -c /etc/snort/barnyard.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo -D
>
> Paul Schmehl, If it isn't already obvious, my opinions are my own and not those of my employer.
> ******************************************
> WARNING: Check the headers before replying
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- Joel Esler T: 302-223-5974 (-) Gtalk: jesler () sourcefire com [m]