Snort mailing list archives

Barnyard2 and OpenAppID


From: "Lucas Miguel \(_theHarvester\) via Snort-users" <snort-users () lists snort org>
Date: Mon, 16 Jul 2018 16:45:04 +0100

Hello Guys,

I’ve posted this question on the Barnyard2 users list but had no luck at all.

I’m using Snort logging in unified2 format and Barnyard2 processing the files, but when I have appid_event_types in the
configuration file Barnyard2 doesn’t insert data into the MySQL database.

And running snort as service with the following command:

ExecStart=/usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -I ens192

Followed by a Barnyard2 service:

ExecStart=/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -q -w 
/var/log/snort/barnyard2.waldo -g snort -u snort -D -a /var/log/snort/archived_logs


It doesn’t feed the database either.

Only when removing appid_event_types from the snort.conf file and running snort as a daemon

/usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -I ens192

And Barnyard2 with the following command:

barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort


I’m able to see logs being inserted into the database. But the barnyard2 command takes a long time to execute.


Regards,
Lucas 
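As an added diagnostic, not part of the original post and not code from the Snort or Barnyard2 projects: a small Python scanner that walks the record headers of a unified2 spool file and counts records by type, so you can check whether the APPID record types that appid_event_types adds (111 to 113 in Snort's Unified2_common.h) are present in snort.u2. The sample spool is constructed inline with zero-filled placeholder payloads, not real events.

```python
import struct
from collections import Counter
from typing import Dict, Iterator, Tuple

# Record type numbers as defined in Snort's Unified2_common.h. The three APPID
# types are the records the appid_event_types option adds to the unified2 stream.
UNIFIED2_RECORD_TYPES = {
    2: "UNIFIED2_PACKET",
    7: "UNIFIED2_IDS_EVENT",
    72: "UNIFIED2_IDS_EVENT_IPV6",
    104: "UNIFIED2_IDS_EVENT_VLAN",
    105: "UNIFIED2_IDS_EVENT_IPV6_VLAN",
    110: "UNIFIED2_EXTRA_DATA",
    111: "UNIFIED2_IDS_EVENT_APPID",
    112: "UNIFIED2_IDS_EVENT_APPID_IPV6",
    113: "UNIFIED2_IDS_EVENT_APPSTAT",
}
APPID_TYPES = {111, 112, 113}
HEADER = struct.Struct("!II")  # Serial_Unified2_Header: type, length (network byte order)

def iter_records(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (type, payload) for each complete record; stop at a truncated tail."""
    off = 0
    while off + HEADER.size <= len(data):
        rtype, rlen = HEADER.unpack_from(data, off)
        off += HEADER.size
        if off + rlen > len(data):
            break  # partial record at the end: a spooler would wait for the rest
        yield rtype, data[off:off + rlen]
        off += rlen

def inventory(data: bytes) -> Dict[str, object]:
    """Count records per type name and flag whether any APPID records are present."""
    counts: Counter = Counter()
    has_appid = False
    for rtype, _ in iter_records(data):
        counts[UNIFIED2_RECORD_TYPES.get(rtype, f"UNKNOWN_{rtype}")] += 1
        has_appid = has_appid or rtype in APPID_TYPES
    return {"counts": dict(counts), "has_appid_records": has_appid}

def build_record(rtype: int, payload: bytes) -> bytes:
    return HEADER.pack(rtype, len(payload)) + payload

# Constructed sample spool (placeholder payload sizes, not real struct layouts):
# one legacy IDS event, one packet, one APPID event, then a truncated record.
SAMPLE_SPOOL = (
    build_record(7, bytes(52))
    + build_record(2, bytes(32))
    + build_record(111, bytes(100))
    + b"\x00\x00\x00\x07\x00\x00\x00\x34\x00"
)

if __name__ == "__main__":
    import sys
    spool = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SPOOL
    print(inventory(spool))
```

Run it against /var/log/snort/snort.u2 (or an archived copy) with and without appid_event_types to compare which record types each configuration writes.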



