Snort mailing list archives

ACID not displaying data from Barnyard


From: "Francis A. Vidal" <francisv-sender-58ad63 () irc dagupan com>
Date: Fri, 8 Aug 2003 10:28:37 +0800

Hi all,

I have Snort 2.0.1 running with Barnyard 0.1.0 logging it to a MySQL
(3.23.51) DB. I can confirm that Barnyard is successfully logging data by
inspecting the event table:

mysql> select count(*) from event;
+----------+
| count(*) |
+----------+
|     8691 |
+----------+
1 row in set (0.01 sec)

However, when I open up ACID (I have two versions running in parallel,
v0.9.6b24 and v0.9.6b23), I couldn't see anything! Here's some sample data
from the event table:

 sid  cid  signature  timestamp
   1    1          3  2003-08-08 00:22:00
   1    2          3  2003-08-08 00:22:01
   1    3          3  2003-08-08 00:22:22

I'm running Snort and Barnyard using these command lines:

snort -dDo -i xl0 -l /var/log/snort -c /usr/local/etc/snort.conf

barnyard -D -c /usr/local/etc/barnyard.conf \
   -s /usr/local/share/snort/sid-msg.map \
   -g /usr/local/share/snort/gen-msg.map \
   -w /usr/local/var/barnyard/checkpoint \
   -d /var/log/snort \
   -f snort.log

Snort is logging using these output plugins:

output log_tcpdump: tcpdump.log
output alert_unified: filename snort.alert, limit 50
output log_unified: filename snort.log, limit 50

Barnyard is configured to write to the MySQL DB using this:

output log_acid_db: mysql, sensor_id 1, database dbname,
    server localhost, user dbuser, password dbpasswd, detail full

The files inside /var/log/snort:
        alert
        scan.log
        snort.alert.1060302116
        snort.log.1060302116
        tcpdump.log.1060302116

---
 francis a. vidal [bitstop network services] | http://www.bnshosting.net
 streaming media + web hosting               | http://www.bitstop.ph
 v(02)330-2871,(02)330-2872; f(02)330-2873   | http://www.kuro.ph

