Snort mailing list archives
unsubscribe
From: "Lieberg, Mark" <Mark.Lieberg () PettersGroup com>
Date: Sun, 27 Apr 2003 18:04:18 -0500
-----Original Message----- From: snort-users-request () lists sourceforge net [mailto:snort-users-request () lists sourceforge net] Sent: Saturday, April 26, 2003 8:35 PM To: snort-users () lists sourceforge net Subject: Snort-users digest, Vol 1 #3111 - 12 msgs Send Snort-users mailing list submissions to snort-users () lists sourceforge net To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/snort-users or, via email, send a message with subject or body 'help' to snort-users-request () lists sourceforge net You can reach the person managing the list at snort-users-admin () lists sourceforge net When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..." Today's Topics: 1. trying snort as nids of prelude (smitha rao) 2. snort architecture... (Mohammad Alimohammadi) 3. setting up a mirroring port at switch (smitha rao) 4. Re: setting up a mirroring port at switch (d_greenjr) 5. RE: setting up a mirroring port at switch (Matt Yackley) 6. Snort 2.0 isn't alerting (Lloyd_Ardoin () mazzios com) 7. (snort_decoder): Truncated Tcp Options (Jason Beveridge) 8. snort.conf problems (stormshadow) 9. Is there a program to test snort rules? (Joe Horton) 10. RE: Is there a program to test snort rules? (Michael Steele) 11. Re: snort architecture... (twig les) 12. Barnyard Shell Script (Jason Linden) --__--__-- Message: 1 Date: Sat, 26 Apr 2003 03:00:43 -0700 (PDT) From: smitha rao <meetsmithahv () yahoo com> To: snort-users () lists sourceforge net Subject: [Snort-users] trying snort as nids of prelude hi all, I hav installed snort...n its working nicely.. I heard 'bout the prelude which includes both NIDS and Hostbased IDS...which also includes much features.. As NIDS snort is the best.. i want to replace the NIDS of prelude by snort...is it possible.? has any body tested it? plz help.. thank you __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com --__--__-- Message: 2 Reply-To: <mohammad () tisri org> From: "Mohammad Alimohammadi" <mohammad () tisri org> To: <snort-users () lists sourceforge net> Date: Sat, 26 Apr 2003 14:57:37 +0430 Organization: Tehran International Studies & Research Institute Subject: [Snort-users] snort architecture... This is a multi-part message in MIME format. ------=_NextPart_000_0010_01C30C04.31C7DC50 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Dear All, Before I ask a new question I must thanks form friends who answered to "Invalid Interface with Snort 2.0.0" issue very kindly. Now I need a brief introduction about snort Architecture and how snort is work? Any comments and Links are valuable for me. Regards Mohammad ------=_NextPart_000_0010_01C30C04.31C7DC50 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns=3D"http://www.w3.org/TR/REC-html40";> <head> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Dus-ascii"> <meta name=3DProgId content=3DWord.Document> <meta name=3DGenerator content=3D"Microsoft Word 10"> <meta name=3DOriginator content=3D"Microsoft Word 10"> <link rel=3DFile-List href=3D"cid:filelist.xml@01C30C04.2D0C9E30"> <!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:DoNotRelyOnCSS/> </o:OfficeDocumentSettings> </xml><![endif]--><!--[if gte mso 9]><xml> <w:WordDocument> <w:SpellingState>Clean</w:SpellingState> <w:GrammarState>Clean</w:GrammarState> <w:DocumentKind>DocumentEmail</w:DocumentKind> <w:EnvelopeVis/> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> </w:Compatibility> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--> <style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} span.EmailStyle17 {mso-style-type:personal-compose; mso-style-noshow:yes; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt; font-family:Arial; mso-ascii-font-family:Arial; mso-hansi-font-family:Arial; mso-bidi-font-family:Arial; color:windowtext;} span.SpellE {mso-style-name:""; mso-spl-e:yes;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style> <!--[if gte mso 10]> <style> /* Style Definitions */=20 table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman";} </style> <![endif]--> </head> <body lang=3DEN-US link=3Dblue vlink=3Dpurple = style=3D'tab-interval:.5in'> <div class=3DSection1> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Dear All,<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Before I ask a new question I must thanks form = friends who answered to “Invalid Interface with Snort 2.0.0” issue very = kindly…<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Now I need a brief introduction about snort = Architecture and how snort is work?<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Any comments and Links are valuable for = me…<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Regards<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Mohammad<o:p></o:p></span></font></p> </div> </body> </html> ------=_NextPart_000_0010_01C30C04.31C7DC50-- --__--__-- Message: 3 Date: Sat, 26 Apr 2003 03:36:41 -0700 (PDT) From: smitha rao <meetsmithahv () yahoo com> To: snort-users () lists sourceforge net Subject: [Snort-users] setting up a mirroring port at switch hi all, I am testing snort in a machine which is connected to a star topology LAN.My m/c is an end m/c ,to which all the network traffic will not be redirected...I want my snort to test all the traffic.I dont want to test it on firewall m/c as it'll be similar as my nsort is running outside the firewall..resulting in unwanted alerts.. I wanted to setup a mirroring port..How to set it up? so that all traffic comes to my m/c..Do anybody have a procedure to setup mirroring port at the switch level. plz help me.. thank you __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com --__--__-- Message: 4 From: "d_greenjr" <d_greenjr () hotmail com> To: <snort-users () lists sourceforge net> Subject: Re: [Snort-users] setting up a mirroring port at switch Date: Sat, 26 Apr 2003 09:01:39 -0400 It would help to know which type of switch you have. On some of the larger cisco switches you need to type the command "set span <src_prt> <dst_prt>". On some of the smaller cisco switches you have to 1) configure the terminal [config t], 2)select the destination interface [interface fa0/48], 3) select the source interface to be monitored [port mirror fa0/12], 4) Ctrl-Z. NOTE: All this is done after you have entered the exec priv mode. DISCLAIMER: The syntax for the smaller cisco switch may be off on step three so type "port mirr" and press the tab key for auto-completion. ----- Original Message ----- From: "smitha rao" <meetsmithahv () yahoo com> To: <snort-users () lists sourceforge net> Sent: Saturday, April 26, 2003 6:36 AM Subject: [Snort-users] setting up a mirroring port at switch
hi all,
I am testing snort in a machine which is connected to
a star topology LAN.My m/c is an end m/c ,to which all
the network traffic will not be redirected...I want my
snort to test all the traffic.I dont want to test it
on firewall m/c as it'll be similar as my nsort is
running outside the firewall..resulting in unwanted
alerts..
I wanted to setup a mirroring port..How to set it up?
so that all traffic comes to my m/c..Do anybody have a
procedure to setup mirroring port at the switch level.
plz help me..
thank you
__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--__--__--
Message: 5
From: Matt Yackley <Matt.Yackley () perkinswill com>
To: 'smitha rao ' <meetsmithahv () yahoo com>,
"'snort-users () lists sourceforge net '"
<snort-users () lists sourceforge net>
Subject: RE: [Snort-users] setting up a mirroring port at switch
Date: Sat, 26 Apr 2003 08:01:02 -0500
Hello,
Well two things.....
1. IMHO the alerts that would be generated just inside the firewall are
much
more important that what is generated outside your firewall. While I
have
sensor outside of my firewall just so that I know what is hitting the
outside, the sensor inside, is the one that is really counts, since it's
only the traffic that makes it through the firewall that really matters.
2. Without any idea of what type of switches you have, no one can help
you
with port-mirroring. Also a quick check of your switch vendor's website
or
the manual should tell you how to do it, if your switch has the ability
to
do port mirroring or port spanning (it's called different things by
different vendors).
-matt
-----Original Message-----
From: smitha rao
To: snort-users () lists sourceforge net
Sent: 4/26/2003 5:36 AM
Subject: [Snort-users] setting up a mirroring port at switch
hi all,
I am testing snort in a machine which is connected to
a star topology LAN.My m/c is an end m/c ,to which all
the network traffic will not be redirected...I want my
snort to test all the traffic.I dont want to test it
on firewall m/c as it'll be similar as my nsort is
running outside the firewall..resulting in unwanted
alerts..
I wanted to setup a mirroring port..How to set it up?
so that all traffic comes to my m/c..Do anybody have a
procedure to setup mirroring port at the switch level.
plz help me..
thank you
__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--__--__--
Message: 6
To: snort-users () lists sourceforge net
From: Lloyd_Ardoin () mazzios com
Date: Sat, 26 Apr 2003 15:37:44 -0500
Subject: [Snort-users] Snort 2.0 isn't alerting
This is a multipart message in MIME format.
--=_alternative 0071540686256D14_=
Content-Type: text/plain; charset="us-ascii"
Just an FYI ....I had submitted a question a couple of days ago about
upgrading from Snort 1.9.1 to 2.0.0 and wasn't getting any alerts
anymore
on a RedHat 8.0 Dell box. I have gone back to the 1.9.1 version and I am
seeing the exploit traffic again on my DMZ.
LA
--=_alternative 0071540686256D14_=
Content-Type: text/html; charset="us-ascii"
<br><font size=2 face="sans-serif">Just an FYI ....I had submitted a
question a couple of days ago about upgrading from Snort 1.9.1 to 2.0.0
and wasn't getting any alerts anymore on a RedHat 8.0 Dell box. I have
gone back to the 1.9.1 version and I am seeing the exploit traffic again
on my DMZ.</font>
<br>
<br><font size=2 face="sans-serif">LA</font>
<br>
--=_alternative 0071540686256D14_=--
--__--__--
Message: 7
Date: Sat, 26 Apr 2003 16:53:43 -0400
From: Jason Beveridge <jason () ingis com>
To: snort-users () lists sourceforge net
Organization:
Subject: [Snort-users] (snort_decoder): Truncated Tcp Options
Hi, I am a newbie. I keep getting a lot of alerts listed as:
(snort_decoder): Truncated Tcp Options.
There's no snort ID for them - it seems they are junk. What is this and
how can I get rid of it? Any info is appreciated.
Jason
--__--__--
Message: 8
Date: Sat, 26 Apr 2003 18:04:44 -0400
From: stormshadow <storm-shadow () comcast net>
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort.conf problems
Trying to get the IDS going here. I do a :
snort -dev -l log -h 172.16.0.0/24 -c snort.conf
running in IDS mode
log directory = log
then it gives me an error:
ERROR: unable to open rules file: snort.conf or ./snort.conf
fatal error, quitting
I take it snort.conf comes out of the box with no rules?? What do I
need to do?
thanks
Stormshadow
--__--__--
Message: 9
Date: Sat, 26 Apr 2003 16:49:54 -0700 (PDT)
From: Joe Horton <mymailii () yahoo com>
To: snort-users () lists sourceforge net
Subject: [Snort-users] Is there a program to test snort rules?
--0-999156039-1051400994=:31607
Content-Type: text/plain; charset=us-ascii
Heres something i found that says it can test snort rules but its not
for download :( http://www.eurocompton.net/stick/projects8.html Anyone
know if theres something similar that i can use to test rules?
---------------------------------
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
--0-999156039-1051400994=:31607
Content-Type: text/html; charset=us-ascii
<DIV>Heres something i found that says it can test snort rules but its
not for download :( <A
href="http://www.eurocompton.net/stick/projects8.html";>http://www.euroco
mpton.net/stick/projects8.html</A> Anyone know if theres something
similar that i can use to test rules?</DIV><p><hr SIZE=1>
Do you Yahoo!?<br>
<a
href="http://us.rd.yahoo.com/search/mailsig/*http://search.yahoo.com";>Th
e New Yahoo! Search</a> - Faster. Easier. Bingo.
--0-999156039-1051400994=:31607--
--__--__--
Message: 10
From: "Michael Steele" <michaels () silicondefense com>
To: "'Joe Horton'" <mymailii () yahoo com>
Cc: <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Is there a program to test snort rules?
Date: Sat, 26 Apr 2003 17:27:29 -0700
This is a multi-part message in MIME format.
------=_NextPart_000_0007_01C30C19.224BE220
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Joe,
=20
To test the configuration and rules use the -T at the end of your run =
line.
=20
-Michael
--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Joe Horton
Sent: Saturday, April 26, 2003 4:50 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Is there a program to test snort rules?
=20
Heres something i found that says it can test snort rules but its not =
for
download :( http://www.eurocompton.net/stick/projects8.html Anyone =
know if
theres something similar that i can use to test rules?
_____ =20
Do you Yahoo!?
The New <http://us.rd.yahoo.com/search/mailsig/*http:/search.yahoo.com>
Yahoo! Search - Faster. Easier. Bingo.
------=_NextPart_000_0007_01C30C19.224BE220
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
p
{margin-right:0in;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle18
{font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dblue>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Joe,</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>To test the configuration and rules
=
use
the -T at the end of your run line.</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<div>
<p><font size=3D2 color=3Dnavy face=3D"Times New Roman"><span =
style=3D'font-size:10.0pt;
color:navy'> -Michael<br>
--<br>
Michael Steele | System Engineer / Support Technician<br>
<a =
href=3D"mailto:michaels () silicondefense com">mailto:michaels@silicondefen
s=
e.com</a><br>
Silicon Defense: IDS solutions - <a =
href=3D"http://www.silicondefense.com";>http://www.silicondefense.com</a>
<=
br>
Snort: Open Source Network IDS - <a =
href=3D"http://www.snort.org";>http://www.snort.org</a></span></font></p>
</div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b>
snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] <b><span =
style=3D'font-weight:
bold'>On Behalf Of </span></b>Joe Horton<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Saturday, April 26,
=
2003
4:50 PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b>
snort-users () lists sourceforge net<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> [Snort-users] Is
=
there a
program to test snort rules?</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font></p>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'>Heres something i found that says it can test
=
snort
rules but its not for download :( <a
href=3D"http://www.eurocompton.net/stick/projects8.html";>http://www.euro
c=
ompton.net/stick/projects8.html</a>
Anyone know if theres something similar that i can use to test =
rules?</span></font></p>
</div>
<div class=3DMsoNormal align=3Dcenter =
style=3D'margin-left:.5in;text-align:center'><font
size=3D3 face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>
<hr size=3D1 width=3D"100%" align=3Dcenter>
</span></font></div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'>Do you Yahoo!?<br>
<a =
href=3D"http://us.rd.yahoo.com/search/mailsig/*http:/search.yahoo.com";>T
h=
e New
Yahoo! Search</a> - Faster. Easier. Bingo.</span></font></p>
</div>
</body>
</html>
------=_NextPart_000_0007_01C30C19.224BE220--
--__--__--
Message: 11
Date: Sat, 26 Apr 2003 18:31:12 -0700 (PDT)
From: twig les <twigles () yahoo com>
Subject: Re: [Snort-users] snort architecture...
To: mohammad () tisri org, snort-users () lists sourceforge net
www.snort.org/docs
--- Mohammad Alimohammadi <mohammad () tisri org> wrote:
Dear All, Before I ask a new question I must thanks form friends who answered to "Invalid Interface with Snort 2.0.0" issue very kindly. Now I need a brief introduction about snort Architecture and how snort is work? Any comments and Links are valuable for me. Regards Mohammad
===== ----------------------------------------------------------- Know yourself and know your enemy and you will never fear defeat. ----------------------------------------------------------- __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com --__--__-- Message: 12 From: "Jason Linden" <jlinden7 () adelphia net> To: <snort-users () lists sourceforge net> Date: Sat, 26 Apr 2003 20:43:23 -0400 Subject: [Snort-users] Barnyard Shell Script This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C30C34.7B221610 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit I am trying to start barnyard from a shell script but am having some difficulty. I am runing multiple instances of barnyard, when I launch the shell script the first instance starts but the 2nd and 3rd instances fail. (I have intentionally rename the filenames so I can tell which one is which when they are running.) Redhat 9, Snort 2, and Barnyard 0.1.0. Here is the script I am trying to use: # # barnyardd Start/Stop the barnyard daemon # # chkconfig: 2345 20 # description: Starts the barnyard daemon # processname: barnyard # Source Function Library . /etc/rc.d/init.d/functions case "$1" in # # Barnyard All Interfaces # #Start All startall) #Inside echo -n "Starting Barnyard Inside: " daemon /usr/local/bin/barnyardin -c /usr/snort/etc/barnyardinside.conf \ -d /var/log/snort/inside -f snort.log -s /usr/snort/etc/sid-msg.map \ -g /usr/snort/etc/gen-msg.map touch /var/lock/subsys/barnyardin echo #DMZ echo -n "Starting Barnyard DMZ: " daemon /usr/local/bin/barnyarddmz -c /usr/snort/etc/barnyarddmz.conf \ -d /var/log/snort/dmz -f snort.log -s /usr/snort/etc/sid-msg.map \ -g /usr/snort/etc/gen-msg.map touch /var/lock/subsys/barnyarddmz echo #Outside echo -n "Starting Barnyard Outside: " daemon /usr/local/bin/barnyardout -c /usr/snort/etc/barnyardoutside.conf \ -d /var/log/snort/outside -f snort.log -s /usr/snort/etc/sid-msg.map \ -g /usr/snort/etc/gen-msg.map touch /var/lock/subsys/barnyardout echo ;; Here is my barnyard.conf, each of the conf files are the same except for the interface and hostname: #------------------------------------------------------------- # http://www.snort.org Barnyard 0.1.0 configuration file # Contact: snort-barnyard () lists sourceforge net #------------------------------------------------------------- # $Id: barnyard.conf,v 1.1.1.1 2002/12/02 20:51:35 andrewbaker Exp $ ######################################################## # Currently you want to do two things in here: turn on # available data processors and turn on output plugins. # The data processors (dp's) and output plugin's (op's) # automatically associate with each other by type and # are automatically selected at run time depending on # the type of file you try to load. ######################################################## # # Step 0: configuration declarations # To keep from having a commandline that uses every letter in the alphabet # most configuration options are set here # #enable daemon mode config daemon config hostname: DMZ config interface: eth1 config filter: processor dp_alert processor dp_log processor dp_stream_stat #output alert_fast #output log_dump # alert_syslog # log_pcap # acid_db #output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user *****, password ***** output log_acid_db: mysql, database snort, server localhost, user *****, password *****, detail full Thanks!! ------=_NextPart_000_0001_01C30C34.7B221610 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" = xmlns=3D"http://www.w3.org/TR/REC-html40";> <head> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Dus-ascii"> <meta name=3DProgId content=3DWord.Document> <meta name=3DGenerator content=3D"Microsoft Word 10"> <meta name=3DOriginator content=3D"Microsoft Word 10"> <link rel=3DFile-List href=3D"cid:filelist.xml@01C30C34.52650250"> <o:SmartTagType = namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" name=3D"time"/> <!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:DoNotRelyOnCSS/> </o:OfficeDocumentSettings> </xml><![endif]--><!--[if gte mso 9]><xml> <w:WordDocument> <w:GrammarState>Clean</w:GrammarState> <w:DocumentKind>DocumentEmail</w:DocumentKind> <w:EnvelopeVis/> = <w:DisplayHorizontalDrawingGridEvery>0</w:DisplayHorizontalDrawingGridEv e= ry> = <w:DisplayVerticalDrawingGridEvery>0</w:DisplayVerticalDrawingGridEvery> <w:UseMarginsForDrawingGridOrigin/> <w:Compatibility> <w:FootnoteLayoutLikeWW8/> <w:ShapeLayoutLikeWW8/> <w:AlignTablesRowByRow/> <w:ForgetLastTabAlignment/> <w:DoNotUseHTMLParagraphAutoSpacing/> <w:LayoutRawTableWidth/> <w:LayoutTableRowsApart/> <w:UseWord97LineBreakingRules/> </w:Compatibility> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--><!--[if !mso]> <style> st1\:*{behavior:url(#default#ieooui) } </style> <![endif]--> <style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} span.EmailStyle17 {mso-style-type:personal-compose; mso-style-noshow:yes; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt; font-family:Arial; mso-ascii-font-family:Arial; mso-hansi-font-family:Arial; mso-bidi-font-family:Arial; color:windowtext;} span.GramE {mso-style-name:""; mso-gram-e:yes;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style> <!--[if gte mso 10]> <style> /* Style Definitions */=20 table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman";} </style> <![endif]--> </head> <body lang=3DEN-US link=3Dblue vlink=3Dpurple = style=3D'tab-interval:.5in'> <div class=3DSection1> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>I am trying to start barnyard from a shell script but = am having some difficulty… I am runing multiple instances of = barnyard, when I launch the shell script the first instance starts but the 2nd and 3rd = instances fail. <span style=3D'mso-spacerun:yes'> </span>(I have = intentionally rename the filenames so I can tell which one is which when they are running.) = <span class=3DGramE>Redhat 9, Snort 2, and Barnyard 0.1.0.</span><span style=3D'mso-spacerun:yes'> </span>Here is the script I am trying = to use:<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># <span class=3DGramE>barnyardd</span><span style=3D'mso-spacerun:yes'> </span>Start/Stop the barnyard daemon<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># <span class=3DGramE>chkconfig</span>: 2345 = 20<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># <span class=3DGramE>description</span>: Starts the = barnyard daemon<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># <span class=3DGramE>processname</span>: = barnyard<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># Source Function = Library<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>. = /etc/rc.d/init.d/functions<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><span class=3DGramE><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>case</span></font></span><f o= nt face=3DArial><span style=3D'font-family:Arial'> "$1" = in<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># Barnyard All = Interfaces<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#Start All<o:p></o:p></span></font></p> <p class=3DMsoNormal><span class=3DGramE><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>startall</span></font></spa n=
<font
face=3DArial><span = style=3D'font-family:Arial'>)<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#Inside<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span><span class=3DGramE>echo</span> -n "Starting Barnyard Inside: = "<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span><span class=3DGramE>daemon</span> /usr/local/bin/barnyardin -c /usr/snort/etc/barnyardinside.conf \<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span>-<span class=3DGramE>d</span> /var/log/snort/inside -f snort.log -s /usr/snort/etc/sid-msg.map \<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span>-g /usr/snort/etc/gen-msg.map<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span><span class=3DGramE>touch</span> = /var/lock/subsys/barnyardin<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span><span class=3DGramE>echo</span><o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#DMZ<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span><span class=3DGramE>echo</span> -n "Starting Barnyard DMZ: = "<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span><span class=3DGramE>daemon</span> /usr/local/bin/barnyarddmz -c /usr/snort/etc/barnyarddmz.conf \<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span>-<span class=3DGramE>d</span> /var/log/snort/dmz -f snort.log -s /usr/snort/etc/sid-msg.map \<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span>-g /usr/snort/etc/gen-msg.map<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span><span class=3DGramE>touch</span> = /var/lock/subsys/barnyarddmz<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span><span class=3DGramE>echo</span><o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#Outside<o:p></o:p></span></font></p> <p class=3DMsoNormal style=3D'text-indent:.5in'><span = class=3DGramE><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'>echo</span></font></span><f o= nt face=3DArial><span style=3D'font-family:Arial'> -n "Starting = Barnyard Outside: "<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span><span class=3DGramE>daemon</span> /usr/local/bin/barnyardout -c /usr/snort/etc/barnyardoutside.conf \<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span>-<span class=3DGramE>d</span> /var/log/snort/outside -f snort.log -s /usr/snort/etc/sid-msg.map \<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><span = style=3D'mso-tab-count:1'> &nbs p= ; </span>-g /usr/snort/etc/gen-msg.map<o:p></o:p></span></font></p> <p class=3DMsoNormal style=3D'text-indent:.5in'><span = class=3DGramE><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'>touch</span></font></span>< f= ont face=3DArial><span style=3D'font-family:Arial'> = /var/lock/subsys/barnyardout<o:p></o:p></span></font></p> <p class=3DMsoNormal style=3D'text-indent:.5in'><span = class=3DGramE><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'>echo</span></font></span><f o= nt face=3DArial><span = style=3D'font-family:Arial'><o:p></o:p></span></font></p> <p class=3DMsoNormal style=3D'text-indent:.5in'><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>;;<o:p></o:p></span></font> <= /p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Here is my barnyard.conf, each of the conf files are = the same except for the interface and hostname:<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#---------------------------------------------------- -= --------<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#<span style=3D'mso-spacerun:yes'> </span>http://www.snort.org<span = style=3D'mso-spacerun:yes'> </span>Barnyard 0.1.0 configuration file<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#<span style=3D'mso-spacerun:yes'> &nb s= p; </span>Contact: = snort-barnyard () lists sourceforge net<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#---------------------------------------------------- -= --------<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># $Id: barnyard.conf<span class=3DGramE>,v</span> = 1.1.1.1 2002/12/02 </span></font><st1:time Hour=3D"20" Minute=3D"51"><font = face=3DArial><span style=3D'font-family:Arial'>20:51:35</span></font></st1:time><font = face=3DArial><span style=3D'font-family:Arial'> andrewbaker Exp = $<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>##################################################### #= ##<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># <span class=3DGramE>Currently</span> you want to do = two things in here: turn on <o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># <span class=3DGramE>available</span> data = processors and turn on output plugins.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># <span class=3DGramE>The</span> data processors = (dp's) and output plugin's (op's)<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># <span class=3DGramE>automatically</span> associate = with each other by type and<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># are automatically selected at run time depending on = <o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># <span class=3DGramE>the</span> type of file you try = to load.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>##################################################### #= ##<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># Step 0: configuration = declarations<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># <span class=3DGramE>To</span> keep from having a = commandline that uses every letter in the alphabet<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># <span class=3DGramE>most</span> configuration = options are set here<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#enable daemon mode<o:p></o:p></span></font></p> <p class=3DMsoNormal><span class=3DGramE><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>config</span></font></span> <= font face=3DArial><span style=3D'font-family:Arial'> = daemon<o:p></o:p></span></font></p> <p class=3DMsoNormal><span class=3DGramE><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>config</span></font></span> <= font face=3DArial><span style=3D'font-family:Arial'> hostname: = DMZ<o:p></o:p></span></font></p> <p class=3DMsoNormal><span class=3DGramE><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>config</span></font></span> <= font face=3DArial><span style=3D'font-family:Arial'> interface: = eth1<o:p></o:p></span></font></p> <p class=3DMsoNormal><span class=3DGramE><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>config</span></font></span> <= font face=3DArial><span style=3D'font-family:Arial'> = filter:<o:p></o:p></span></font></p> <p class=3DMsoNormal><span class=3DGramE><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>processor</span></font></sp a= n><font face=3DArial><span style=3D'font-family:Arial'> = dp_alert<o:p></o:p></span></font></p> <p class=3DMsoNormal><span class=3DGramE><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>processor</span></font></sp a= n><font face=3DArial><span style=3D'font-family:Arial'> = dp_log<o:p></o:p></span></font></p> <p class=3DMsoNormal><span class=3DGramE><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>processor</span></font></sp a= n><font face=3DArial><span style=3D'font-family:Arial'> = dp_stream_stat<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#output alert_fast<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#output log_dump<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># alert_syslog<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># log_pcap<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'># acid_db<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>#output alert_acid_db: mysql, sensor_id 1, database = snort, server localhost, user *****, password = *****<o:p></o:p></span></font></p> <p class=3DMsoNormal><span class=3DGramE><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>output</span></font></span> <= font face=3DArial><span style=3D'font-family:Arial'> log_acid_db: mysql, = database snort, server localhost, user *****, password *****, detail = full<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Thanks!!<o:p></o:p></span></font></p> </div> </body> </html> ------=_NextPart_000_0001_01C30C34.7B221610-- --__--__-- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-users End of Snort-users Digest ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- unsubscribe Lieberg, Mark (Apr 27)