Snort mailing list archives
Re: Barnyard syslog problem
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 8 Jul 2009 17:55:07 -0400
We're probably going to need your barnyard command line as well.

On Wed, Jul 8, 2009 at 5:11 PM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:

Hi,

I have Snort outputting in unified format, and two instances of Barnyard (version 0.20) running, one that sends the log data to BASE, and another that sends the alert data to a syslog server. This was working perfectly until just recently, and I can’t see what would be wrong. I’ve recently updated to Snort 2.8.4.1, and of course Ubuntu OS patches.

Running tcpdump shows the OS syslog messages being sent to my syslog server, but nothing from barnyard. Snort is creating the alert files, and barnyard seems to be processing them (the waldo file is being updated), but nothing comes out via syslog.

Snort config:

    output alert_unified: filename snort.alert, limit 128

Barnyard config:

    output alert_syslog2: severity: ALERT; syslog_host: 1.1.1.1;

--
Shawn Jefferson

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- joel esler | Sourcefire | AIM: eslerjoel | 302-223-5974
Current thread:
- Barnyard syslog problem Jefferson, Shawn (Jul 08)
- Re: Barnyard syslog problem Joel Esler (Jul 08)
- Re: Barnyard syslog problem Jefferson, Shawn (Jul 08)
- Re: Barnyard syslog problem Joel Esler (Jul 08)
- Re: Barnyard syslog problem Jefferson, Shawn (Jul 08)
- Re: Barnyard syslog problem Jefferson, Shawn (Jul 08)
- Re: Barnyard syslog problem Jefferson, Shawn (Jul 08)
- Re: Barnyard syslog problem Joel Esler (Jul 08)
- Re: Barnyard syslog problem Skip Carter (Jul 08)
- Re: Barnyard syslog problem firnsy (Jul 09)
- Re: Barnyard syslog problem Jefferson, Shawn (Jul 08)
- Re: Barnyard syslog problem Joel Esler (Jul 08)