Snort mailing list archives

[Snort] tag: Tagged Packet and Snort Alert only show up when using barnyard?


From: "Chan, Wilson" <wchan () honolulu gov>
Date: Tue, 10 Nov 2009 13:44:36 -1000

I'm a bit confused here. When I output the events via snort.conf using
"output database" BASE doesn't show any Tagged or Snort Alert Packets.
But as soon as I comment out the "output database" from snort.conf and
enable it on barnyard.conf I start getting these alerts in BASE.  Any
ideas why this is happening?

 

Output from Base:

#24-(16-173) <http://172.31.62.248/base/base_qry_alert.php?submit=%2324-%2816-173%29&sort_order=time_d>
[snort <http://www.snortid.com/snortid.asp?QueryID=1>] tag: Tagged Packet

#27-(16-170) <http://172.31.62.248/base/base_qry_alert.php?submit=%2327-%2816-170%29&sort_order=time_d>
[snort <http://www.snortid.com/snortid.asp?QueryID=15581>] Snort Alert [1:15581:0]

==snort.conf==

output database: log, mysql, user=snort password=xxxxx dbname=snort host=192.168.1.1 sensor_name=Snort

==barnyard.conf==

output log_acid_db: mysql, database snort, server 192.168.1.1, user snort, password xxxxx, detail full

==ps aux |grep snort==

snort    10463 89.4  1.2  67428 51992 ?        Rs   12:45  51:04 /usr/sbin/snort -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort -F /etc/snort/bpf_file

root     10486  0.0  0.0   8684  3028 pts/0    S    12:45   0:00 /usr/local/bin/barnyard -c /etc/snort/barnyard.conf -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo -D

Wilson

 
