Snort mailing list archives
Barnyard not outputting data to mysql db
From: Pratibha Rajan <pratibha.nair12 () outlook com>
Date: Tue, 23 Aug 2016 05:16:05 +0530
Hi All,

I am running barnyard in continuous mode but the events table in mysql db is not getting populated. Snort runs in daemon mode. Below is the script I am running for continuous mode:

/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/barnyard2/barnyard2.waldo

Below are the O/P plugins set in snort.conf:

********************************************************************************
# Step #6: Configure output plugins
# For more information, see Snort Manual, Configuring Snort - Output Modules
###################################################

# unified2
# Recommended for most installs
output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types

# Additional configuration for specific types of installs
output alert_unified2: filename snort.alert, limit 128, nostamp
output log_unified2: filename snort.log, limit 128, nostamp

# syslog
# output alert_syslog: LOG_AUTH LOG_ALERT

# output alert_csv: /var/log/snort/csv.out

# pcap
# output log_tcpdump: tcpdump.log
output log_tcpdump: /var/log/snort/tcpdump.log

# metadata reference data. do not modify these lines
include classification.config
include reference.config
**************************************************

necessary plugins for barnyard.conf
**********************************************************
# Step 2: setup the input plugins
#
# this is not hard, only unified2 is supported ;)
input unified2

#output line
output alert_full

# database: log to a variety of databases
# ----------------------------------------------------------------------------
#
# Purpose: This output module provides logging ability to a variety of databases
# See doc/README.database for additional information.
#
# Examples:
output database: log, mysql, user=#### password=######## dbname=##### host=localhost

Aug 22 15:28:15 tparheidsp001 barnyard2: Closing spool file '/var/log/snort/snort.log.1471754794'. Read 0 records
Aug 22 15:28:15 tparheidsp001 barnyard2: Opened spool file '/var/log/snort/snort.log.1471894095'
Aug 22 15:49:48 tparheidsp001 barnyard2: Log directory = /var/log/snort

I have set a test alert to read ping requests to the sensor. I see the logs growing consistently:

-rwxr-xr-x. 1 snort snort 4432431 Aug 22 19:23 alert
-rw-r--r--. 1 root  root        0 Aug 21 01:23 barnyard2.alert
-rw-------. 1 snort snort       5 Aug 22 15:28 snort_ens192.pid
-rw-------. 1 snort snort       0 Aug 22 15:28 snort_ens192.pid.lck
-rw-------. 1 snort snort       0 Aug  3 14:46 snort.log.1470249961
-rw-------. 1 snort snort      24 Aug  3 15:48 snort.log.1470252537
-rw-------. 1 snort snort       0 Aug  3 16:25 snort.log.1470255941
-rw-------. 1 snort snort 2904270 Aug 19 21:08 snort.log.1471461503
-rw-------. 1 snort snort  101776 Aug 21 00:43 snort.log.1471655771
-rw-------. 1 snort snort  156288 Aug 22 15:26 snort.log.1471754794
-rw-------. 1 snort snort  109090 Aug 22 19:23 snort.log.1471894095

But barnyard seems unable to process it. Are the logs not in Unified2 format? What needs to be changed?

Thanks,
Pratibha
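As an added diagnostic (not from this thread and not barnyard2's own code), the checker below walks a unified2 spool file and reports which record types it contains, so a spool that barnyard2 closes with "Read 0 records" can be told apart from one that actually holds event records destined for the events table. It relies on the record layouts in Snort's Unified2_common.h; the two spools at the bottom are constructed in memory, and a real file is inspected by passing open(path, "rb").read() to summarize_spool().

```python
import struct
from collections import Counter
# Record type ids from Snort's Unified2_common.h; 72 and 105 are the IPv6 event variants.
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
UNIFIED2_IDS_EVENT_V2 = 104
EVENT_TYPES = {UNIFIED2_IDS_EVENT, 72, UNIFIED2_IDS_EVENT_V2, 105}

def iter_records(data):
    """Yield (type, body); every record starts with a big-endian uint32 type and length."""
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from("!II", data, off)
        off += 8
        if off + rlen > len(data):
            break  # truncated tail: Snort may still be writing this record
        yield rtype, data[off:off + rlen]
        off += rlen

def summarize_spool(data):
    """Count records per type and collect (gid, sid) from IPv4 event records."""
    counts, sigs = Counter(), []
    for rtype, body in iter_records(data):
        counts[rtype] += 1
        if rtype in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_V2):
            # sensor_id, event_id, event_second, event_usec, sig_id, gen_id, rev, ...
            f = struct.unpack_from("!9I", body, 0)
            sigs.append((f[5], f[4]))
    return counts, sigs

def has_db_events(data):
    """True if the spool holds event records (what barnyard2 turns into events rows)."""
    counts, _ = summarize_spool(data)
    return any(counts[t] for t in EVENT_TYPES)

def make_record(rtype, body):
    return struct.pack("!II", rtype, len(body)) + body
def make_event_v2(gid, sid):
    # 60-byte Unified2IDSEvent (type 104), constructed: ICMP echo 10.0.0.1 -> 10.0.0.2
    return struct.pack("!11I2H4BI2H", 1, 1, 1471894095, 0, sid, gid, 1, 1, 3,
                       0x0A000001, 0x0A000002, 8, 0, 1, 0, 0, 0, 0, 0, 0)
def make_packet(payload):
    # 28-byte Unified2Packet header (linktype 1 = Ethernet) followed by the raw frame
    return struct.pack("!7I", 1, 1, 1471894095, 1471894095, 0, 1, len(payload)) + payload

# Constructed spools: one as `output unified2` writes (event + packet), one packet-only.
SPOOL_WITH_EVENTS = (make_record(UNIFIED2_IDS_EVENT_V2, make_event_v2(1, 1000001))
                     + make_record(UNIFIED2_PACKET, make_packet(b"\x00" * 42)))
SPOOL_PACKETS_ONLY = make_record(UNIFIED2_PACKET, make_packet(b"\x00" * 42))
```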