Re: [barnyard2-users] Logging to the Windows event log

["Michael Steele" <michaels () winsnort com>]

Rich,

Yes, that logs events to the Application log in Windows, but Barnyard2 fails
to process events to the database?

If I remove the -E switch Barnyard2 processes events to the database.

It appears that selecting the -E switch disables all other logging
mechanisms?

Best regards,
Michael...

> -----Original Message-----
> From: barnyard2-users () googlegroups com [mailto:barnyard2-
> users () googlegroups com] On Behalf Of Rich Rumble
> Sent: Wednesday, January 30, 2013 8:43 PM
> To: barnyard2-users () googlegroups com
> Subject: Re: [barnyard2-users] Logging to the Windows event log
>
> On Wed, Jan 30, 2013 at 8:32 PM, Rich Rumble <richrumble () gmail com>
> wrote:
> > On Wed, Jan 30, 2013 at 8:25 PM, Michael Steele
> <michaels () winsnort com> wrote:
> > > Snort used to log events to the Event Viewer under Application log,
> > > but apparently that function is no longer works.
> > >
> > > Using the below in the snort.conf used to work:
> > >
> > > output alert_syslog: LOG_AUTH LOG_ALERT
> >
> > Again this was a command line switch in snort not a CONF setting, I've
> > looked at the source and change logs, it should still be present from
> > what I can tell, try the "-E" option:
> > http://flylib.com/books/en/2.12.1.51/1/
> Just downloaded the latest
> (http://s3.amazonaws.com/snort-org/www/snort-
> current/20121129/Snort_2_9_4_Installer.exe)
> C:\Snort\bin>snort --help
>
>    ,,_     -*> Snort! <*-
>   o"  )~   Version 2.9.4-WIN32 GRE (Build 40)
>    ''''    By Martin Roesch & The Snort Team:
> http://www.snort.org/snort/snort-team
>            Copyright (C) 1998-2012 Sourcefire, Inc., et al.
>            Using PCRE version: 8.10 2010-06-25
>            Using ZLIB version: 1.2.3
>
> USAGE: snort [-options] <filter options>
>        snort /SERVICE /INSTALL [-options] <filter options>
>        snort /SERVICE /UNINSTALL
>        snort /SERVICE /SHOW
> Options:
>         -A         Set alert mode: fast, full, console, test or none
> (alert file alerts only)
>         -b         Log packets in tcpdump format (much faster!)
>         -B <mask>  Obfuscated IP addresses in alerts and packet dumps
using
> CIDR mask
>         -c <rules> Use Rules File <rules>
>         -C         Print out payloads with character data only (no hex)
>         -d         Dump the Application Layer
>         -e         Display the second layer header info
>         -E         Log alert messages to NT Eventlog. (Win32 only)
> <------------------------------------------------------------------
> I haven't had time to try it though...
> -rich
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "barnyard2-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to barnyard2-users+unsubscribe () googlegroups com.
> For more options, visit https://groups.google.com/groups/opt_out.



------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_jan
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!