Snort mailing list archives
Re: barnyard 2 not outputing logs to mysql
From: JJ Cummings <cummingsj () gmail com>
Date: Wed, 7 Apr 2010 10:19:37 -0600
You are wrong :-) .. unified2 is a single unified output that contains all of the data that you need:

    output unified2: filename snort.unified2, limit 128

That should do it.. then read the snort.unified2 spool files with barnyard2 and verify that you are generating events with snort...

    barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.unified2 -w /var/log/snort/by2.waldo

On Wed, Apr 7, 2010 at 10:15 AM, Kum Weng Luey <kumwengluey () gmail com> wrote:

> Yes, I guess I have written it to unified2 files. Below is how I wrote it.
>
>     output alert_unified2: filename snort.alert, limit 128
>     output log_unified2: filename snort.log, limit 128
>
> My barnyard command goes like this:
>
>     barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.alert -w /var/log/snort/by2.waldo
>
> Please correct me if I am wrong.
>
> Thanks
> KW
>
> On Thu, Apr 8, 2010 at 12:11 AM, JJ Cummings <cummingsj () gmail com> wrote:
>
> > Make sure that you are writing unified2 from snort and reading those files with barnyard2.. also that you have events being generated and thusly populated into said unified2 files.
> >
> > JJC
> >
> > On Wed, Apr 7, 2010 at 10:04 AM, Kum Weng Luey <kumwengluey () gmail com> wrote:
> >
> > > Hi all,
> > >
> > > A query yet again. I have used barnyard2 in place of barnyard after much consideration and did the configuration as I did for barnyard. Everything was working fine till I checked the mysql tables. Nothing was output to the database. I've checked my barnyard2 config file and double-checked the database username and password. Everything seems right. Could I have missed something that I did not notice?
> > >
> > > Thank you peeps for any help rendered.
> > >
> > > Regards,
> > > KW
> > >
> > > ------------------------------------------------------------------------------
> > > Download Intel® Parallel Studio Eval
> > > Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta.
> > > http://p.sf.net/sfu/intel-sw-dev
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
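The checks suggested in this message (Snort writes unified2, barnyard2 reads the same base name, events are actually being spooled) can be scripted. The following is an added example, not part of the thread and not code from the Snort or barnyard2 projects; the function names `unified2_bases` and `check_spool` are hypothetical, and it assumes Snort names its spool files `<filename>.<unix-timestamp>`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes Snort names spool files <filename>.<unix-timestamp>.

# Print the filename of every unified2-family output directive in snort.conf.
unified2_bases() {
    awk '/^[ \t]*output[ \t]+(alert_|log_)?unified2:/ {
        for (i = 1; i < NF; i++)
            if ($i == "filename") { f = $(i + 1); sub(/,.*$/, "", f); print f }
    }' "$1"
}

# check_spool SNORT_CONF SPOOL_DIR BASE
#   BASE is the value passed to barnyard2 -f, SPOOL_DIR the value passed to -d.
# Returns 0 = ok, 1 = BASE not configured in snort.conf,
#         2 = no spool file with that base, 3 = spool files exist but are empty.
check_spool() {
    conf=$1; dir=$2; base=$3
    if ! unified2_bases "$conf" | grep -Fxq -- "$base"; then
        echo "no unified2 output in $conf writes '$base'" >&2
        return 1
    fi
    found=0; nonempty=0
    for f in "$dir/$base".*; do
        if [ -f "$f" ]; then
            found=1
            if [ -s "$f" ]; then nonempty=1; fi
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no $base.* spool file in $dir (is Snort running and writing there?)" >&2
        return 2
    fi
    if [ "$nonempty" -eq 0 ]; then
        echo "spool files exist but are empty: no events generated yet" >&2
        return 3
    fi
    echo "ok: $dir/$base.* has data for barnyard2 to read"
}

# Stand-alone use: sh check.sh /etc/snort/snort.conf /var/log/snort snort.unified2
if [ "$#" -eq 3 ]; then
    check_spool "$1" "$2" "$3"
fi
```

A return code of 3 points at Snort not generating events rather than at barnyard2 or the database settings.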
Current thread:
- barnyard 2 not outputing logs to mysql Kum Weng Luey (Apr 07)
- Re: barnyard 2 not outputing logs to mysql JJ Cummings (Apr 07)
- Re: barnyard 2 not outputing logs to mysql Kum Weng Luey (Apr 07)
- Re: barnyard 2 not outputing logs to mysql JJ Cummings (Apr 07)
- Re: barnyard 2 not outputing logs to mysql Kum Weng Luey (Apr 07)
- Re: barnyard 2 not outputing logs to mysql JJ Cummings (Apr 07)