Snort mailing list archives

Re: Barnyard2 conf syntax for syslog


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Fri, 4 Sep 2009 15:32:31 -0600

Doh, sorry, both IP addresses are 172.16.8.196... I meant to change them both to 1.1.1.1, but there's no point in trying 
to hide those details now. :)

-----Original Message-----
From: Jefferson, Shawn [mailto:Shawn.Jefferson () bcferries com] 
Sent: Friday, September 04, 2009 2:24 PM
To: Paul Schmehl; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Barnyard2 conf syntax for syslog

Really?  When I try that (with an ip address not a hostname), I get this message in the daemon.log:

Sep  4 14:18:22 bcfids02 barnyard2: WARNING => Unrecognized syslog facility/priority: 1.1.1.1

My output line in the barnyard2.conf file is:

output alert_syslog: 172.16.8.196 LOG_AUTH LOG_INFO

I even tried LOG_AUTH_LOG_INFO like in your email, which I think is a typo, but it didn't work either (same message in 
the daemon.log).

-----Original Message-----
From: Paul Schmehl [mailto:pschmehl_lists () tx rr com] 
Sent: Friday, September 04, 2009 1:43 PM
To: Jefferson, Shawn; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Barnyard2 conf syntax for syslog

Yes, I did mean colon, not semi-colon.  I tested that config on my sensor, and 
it worked fine.  IOW, "output alert_syslog: hostname.utdallas.edu 
LOG_AUTH_LOG_INFO" worked for me.  Note that there are no commas separating the 
values of the various attributes, just spaces.

I tested this on a working install of barnyard2 on amd64 FreeBSD 7.2.

--On Friday, September 04, 2009 14:21:04 -0500 "Jefferson, Shawn" 
<Shawn.Jefferson () bcferries com> wrote:


That was just a typo in my email, I have the colon (you mean colon not
semi-colon right?) in the conf file.


-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
