Snort mailing list archives

Re: snort, barnyard, and base

From: beenph <beenph () gmail com>
Date: Wed, 29 May 2013 13:26:56 -0400

remove -b  from snort command line, this is binary logging and will
overwride your snort.conf output unified2 configuration.

Binary logging will output log in pcap format.

-elz


On Wed, May 29, 2013 at 12:15 PM, Dwayne Hottinger
<dhottinger () harrisonburg k12 va us> wrote:

Is there a recommended way to start snort and base so that the correct
logging occurs?  If I start using the init.d script all logging goes into a
snort.log and an alert file is created.  Thus barnyard doesnt see anything.
If I start using
 snort -D -c /etc/snort/snort.conf all works as planned.  I went through the
init script and cant cipher all the different options, init is calling like
this:
/usr/sbin/snort -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf
-l /var/log/snort and that seems to ignore my snort.conf file.  Can someone
help with the different switches?

thanks,

ddh

--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools

------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!


------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

snort, barnyard, and base Dwayne Hottinger (May 29)
- Re: snort, barnyard, and base beenph (May 29)
  - Re: snort, barnyard, and base waldo kitty (May 29)
    - Re: snort, barnyard, and base beenph (May 29)
    - Re: snort, barnyard, and base waldo kitty (May 30)