Snort mailing list archives
how to clear the caches of snort/barnyard?
From: "闫振宇" <yanzhenyu () 55tuan com>
Date: Thu, 12 Apr 2012 18:22:45 +0800
Hi all,

I rewrote my snort.conf. I wanted snort to output snort.log, and I started up snort & barnyard, but it seemed that the new configuration file didn't work. The 'spool filebase' option of barnyard was merged.log, not snort.log.

1st. snort.conf

    ........
    ###################################################
    # Step #6: Configure output plugins
    # For more information, see Snort Manual, Configuring Snort - Output Modules
    ###################################################

    # unified2
    # Recommended for most installs
    output unified2: filename snort.log, limit 128
    # output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types

    # Additional configuration for specific types of installs
    # output alert_unified2: filename snort.alert, limit 128, nostamp
    # output log_unified2: filename snort.log, limit 128, nostamp

2nd. Start up snort && barnyard

    snort -c /etc/snort/snort.conf -i eth0
    /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo

But barnyard

    database: using the "log" facility

            --== Initialization Complete ==--

      ______   -*> Barnyard2 <*-
     / ,,_  \  Version 2.1.9 (Build 263)
     |o"  )~|  By the SecurixLive.com Team: http://www.securixlive.com/about.php
     + '''' +  (C) Copyright 2008-2010 SecurixLive.

               Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
               (C) Copyright 1998-2007 Sourcefire Inc., et al.

    Using waldo file '/var/log/snort/barnyard.waldo':
        spool directory = /var/log/snort
        spool filebase  = merged.log
        time_stamp      = 1334199055
        record_idx      = 210
    Waiting for new spool file

What's the error? Can anyone help me?

2012-04-12
闫振宇
Systems Department
北京窝窝团信息技术有限公司
Address: 北京市海淀区农大南路1号硅谷亮城9号楼1层
Postal code: 100080
Tel: +86-10-59065069
Mob: +86-13261949497
E-mail: yanzhenyu () 55tuan com
www.55tuan.com