Snort mailing list archives

Re: (no subject)

From: Ron Rosson <insane () oneinsane net>
Date: Wed, 23 Jan 2002 06:36:11 -0000


Sorry subject was supposed to be...

"snort 1.8.3 + barnyard beta4 + acid 0.9.6b19"

Ron Rosson <insane () oneinsane net> said:

 
 Here is my command line of snort:
 
 snort -D -i qe0
 
 Here is my command line for barnyard
 
 barnyard -c /etc/snort/barnyard.conf -d /var/log/snort/ -f snort.log \
 -w /var/log/snort/waldo.barnyard
 
 Other than my network variables being shown here, here is my snort.conf
 
 Preprocessors:
      preprocessor frag2
      preprocessor stream4: detect_scans
      preprocessor stream4_reassemble
      preprocessor http_decode: 80 -unicode -cginull
      preprocessor rpc_decode: 111
      preprocessor bo: -nobrute
      
  Output plugins:
         output log_unified: filename snort.log, limit 128
  
  Here is my barnayard.con
  
  processor dp_alert
  processor dp_log
  output alert_acid_db: mysql, sensor_id 1, database snort, server

myserver, user s

  nort, password mysnort
  output log_acid_db: mysql, sensor_id 1, database snort, server myserver,

user snor

  t, password mysnort, detail full
  
  Now when I started it for the first time it made acid's tcp line 100%
  and that is it. Everything else is all 0's
 
TIA
Ron

--

------------------------------------------------------------------------------

Ron Rosson                                    ... and a UNIX user said ...
The InSaNe One                                        rm -rf *
insane () oneinsane net                        and all was /dev/null and

*void()

------------------------------------------------------------------------------



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-- 
------------------------------------------------------------------------------

Ron Rosson                                    ... and a UNIX user said ... 
The InSaNe One                                        rm -rf * 
insane () oneinsane net                 and all was /dev/null and *void() 
------------------------------------------------------------------------------



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Remote collection of data from a Snort sensor in stealth mode, (continued)
- - - Re: Remote collection of data from a Snort sensor in stealth mode Ian Masters (Jan 16)
    - Re: Remote collection of data from a Snort Guillaume (Jan 16)
    - Re: Remote collection of data from a Snort sensor in stealth mode Erek Adams (Jan 16)
  - Re: (no subject) skadhi (Jan 16)
- (no subject) Patrice . Arnal (Jan 17)
  - Re: (no subject) Erik Fichtner (Jan 17)
- (no subject) Cary Mathews (Jan 18)
  - Re: (no subject) John Sage (Jan 19)
- (no subject) apiecyk (Jan 22)
- (no subject) Ron Rosson (Jan 22)
  - Re: (no subject) Ron Rosson (Jan 22)
- (no subject) Dean Scott (Jan 24)
- (no subject) deepak aggarwal (Jan 30)
  - Re: (no subject) Guillaume (Jan 31)
- (no subject) Edward Cole (Feb 04)
  - Re: (no subject) Matt Kettler (Feb 04)
- (no subject) Jim Nemetz (Feb 04)
- (no subject) Edward Cole (Feb 05)
- (no subject) Edward Cole (Feb 07)
  - Re: (no subject) Chris Green (Feb 07)
  - Re: (no subject) Alwin Raymundo (Feb 08)

(Thread continues...)