Barnyard question

["Emilio Mira Alfaro"<emial () alumni uv es>]

Hi all. 

I'm having problems with Barnyard and MySQL. I've 
configured Barnyard with log facility, but MySQL only contains
alerts except with two rules: "SMTP HELO overflow attempt" with 
1 log of 1 alert and "P2P GNUTella GET" with 2 logs of 500 alerts.

I'm using Snort 1.8.7 and Barnyard 0.1.0-rc2 (Build 11).

In snort.conf I have:

  output alert_unified: filename snort.alert, limit 128
  output log_unified: filename snort.log, limit 128

and in barnyard.conf

  output log_acid_db: mysql, sensor_id 1, database xxxxx, 
  server localhost, user snort, password xxxxxx, detail full


Thanks in advance.

--
Emilio Mira

> Hi all.
>
> I'm trying to intall barnyard-0.1.0-rc2 with Snort 1.8.7beta2 
> and there are some rare things. 
>
> I log in MySQL database with acid output plugin:
>
> output log_acid_db: mysql, sensor_id 1, database snortdb, 
> server localhost, user snort, password ****** , detail full
>
> and the only one input plugin is dp_log.
>
> First, it seems that barnyard works with a delay: I only can
> see alerts that were detected 2 hours ago.
>
> Second, table iphdr and data are empty, I only can get information
> about alerts generated, nothing else.
>
> In snort.conf I have:
>
> output alert_unified: filename snort.alert, limit 128
> output log_unified: filename snort.log, limit 128
>
> Any ideas.
>
> Thank you!!
>
>
> --
> Emilio Mira
> e-mail: emial () alumni uv es


--
--
Emilio Mira
e-mail: emial () alumni uv es





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Two, two, TWO treats in one.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users