Snort mailing list archives
Re: Barnyard: Syslog output FAIL!
From: Jason Wallace <jason.r.wallace () gmail com>
Date: Fri, 13 Nov 2009 09:26:26 -0500
I would recommend having snort output using the unified2 format and use barnyard2
http://www.securixlive.com/barnyard2/download.php

The unified2 format has both the alert and log information in one file so you only need one instance of barnyard2. The original barnyard is outdated, unmaintained, and does not support unified2. You're not likely to get a lot of help using the original version of barnyard.

On Thu, Nov 12, 2009 at 9:37 PM, Chan, Wilson <wchan () honolulu gov> wrote:
Why is barnyard not outputting to syslog? Configurations below:

What is driving me nuts is when I run in batch mode for snort.log nothing happens on syslog but as soon as I run batch mode in alert it gets output. How do you get syslog to report on the snort.log files in daemon mode?

barnyard -o snort.log.1258079148 -v
barnyard -o snort.alert.1258079148 -v

==barnyard.conf==
config daemon
config localtime
config hostname: snort-test-laptop
config interface: eth2
output log_dump
output alert_syslog: LOG_LOCAL4 LOG_ALERT

==/etc/syslog.conf==
#Output logs from Barnyard to Syslog Server (remote)
local4.* @192.168.1.1

Wilson

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
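Added example, not part of the thread and not Snort or barnyard2 code: a sketch of why a single unified2 file can replace the separate snort.alert and snort.log inputs, by walking the records and pairing each alert with its logged packet through the shared event_id. The record layouts (big-endian type/length header, type 7 event, type 2 packet) are assumed from Snort 2.x's unified2 definitions, and the sample bytes are constructed.

```python
import socket
import struct
from collections import defaultdict

# Record type codes and layouts assumed from Snort 2.x unified2 definitions.
UNIFIED2_PACKET, UNIFIED2_IDS_EVENT = 2, 7
HEADER = struct.Struct(">II")            # record type, payload length
EVENT = struct.Struct(">9I4s4sHHBBBB")   # legacy IPv4 event, 52 bytes
PACKET = struct.Struct(">7I")            # 28-byte packet header, then raw bytes

def walk(buf):
    """Yield (record_type, payload) for every complete record in buf."""
    off = 0
    while off + HEADER.size <= len(buf):
        rtype, length = HEADER.unpack_from(buf, off)
        off += HEADER.size
        if off + length > len(buf):
            break  # truncated tail: the sensor may still be writing this record
        yield rtype, buf[off:off + length]
        off += length

def correlate(buf):
    """Group alert metadata and logged packets by event_id."""
    events = defaultdict(lambda: {"alert": None, "packets": []})
    for rtype, payload in walk(buf):
        if rtype == UNIFIED2_IDS_EVENT and len(payload) >= EVENT.size:
            f = EVENT.unpack_from(payload)
            events[f[1]]["alert"] = {"gid": f[5], "sid": f[4], "rev": f[6],
                "src": socket.inet_ntoa(f[9]), "dst": socket.inet_ntoa(f[10])}
        elif rtype == UNIFIED2_PACKET and len(payload) >= PACKET.size:
            f = PACKET.unpack_from(payload)
            events[f[1]]["packets"].append(payload[PACKET.size:PACKET.size + f[6]])
    return dict(events)

def _rec(rtype, payload):
    return HEADER.pack(rtype, len(payload)) + payload

# Constructed sample: one alert, its packet, and a half-written trailing record.
SAMPLE = (
    _rec(UNIFIED2_IDS_EVENT, EVENT.pack(0, 1, 1258079148, 0, 1000001, 1, 1, 0, 2,
         bytes([10, 0, 0, 5]), bytes([192, 168, 1, 1]), 40000, 80, 6, 0, 0, 0))
    + _rec(UNIFIED2_PACKET, PACKET.pack(0, 1, 1258079148, 1258079148, 0, 1, 4) + b"\xde\xad\xbe\xef")
    + HEADER.pack(UNIFIED2_PACKET, 64)
)

if __name__ == "__main__":
    for eid, e in correlate(SAMPLE).items():
        print(eid, e["alert"], [p.hex() for p in e["packets"]])
```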
Current thread:
- Barnyard: Syslog output FAIL! Chan, Wilson (Nov 12)
- Re: Barnyard: Syslog output FAIL! Jason Wallace (Nov 13)
- <Possible follow-ups>
- Re: Barnyard: Syslog output FAIL! Chan, Wilson (Nov 13)
- Re: Barnyard: Syslog output FAIL! Nick Moore (Nov 13)