Re: snort 2.9.6.2 unified2

[Shirkdog <shirkdog () gmail com>]

Now we need your barnyard config to show that it is reading unified2
format. If your barnyard is 2.1-13 BETA (current git checkout), you
should have this in your conf file

# this is not hard, only unified2 is supported ;)
input unified2

---
Michael Shirk


On Mon, Sep 22, 2014 at 9:18 PM, John Hally <JHally () ebsco com> wrote:
> Hi All,
>
> I’m having an issue that I just cant figure out.
>
> I’m trying to combine alerts and logs in uniified2 format which I have the
> following in my snort.conf file:
>
> output unified2: filename snort.log, limit 128, nostamp
>
> The issue is when I try to get barnyard2 to process the file.  It seems that
> if I run snort like the following, barnyard2 reports that its waiting for a
> spool file:
>
> /usr/local/bin/snort -D -i eth1 -u snort -g snort -c
> /etc/snort/etc/snort.conf
>
> And barnyard2 never finds the snort.log file that is created.
>
>
> BUT if I run snort this way:
>
> /usr/local/bin/snort -A full -D -i eth1 -u snort -g snort –c
> /etc/snort/etc/snort.conf
>
> barnyard2 finds the snort.log.##### filename that gets created, but I think
> the file format isnt correct.
>
> Sorry if this is more of a barnyard2 issue than snort
>
> Thanks!
>
> John
>
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!