Snort mailing list archives
AW: acid - barnyard - payload
From: Jochen Vogel <jvogel () it-sec de>
Date: Wed, 8 Oct 2003 14:37:26 +0200
hi, i recreated the snortDB. barnlog didn't read the sid and create the sid2.

this is my barnyard.conf

#config localtime
config hostname: sensor2
config interface: x
config filter: x
processor dp_alert
processor dp_log
processor dp_stream_stat
#output alert_fast
#output log_dump
#output alert_syslog
#output log_pcap
output alert_acid_db: mysql, database snort, server localhost, user sensor
output log_acid_db: mysql, database snort, server localhost, user sensor, detail full

------------------------------------------------
/etc/init.d/barnalert

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
AlertCSV initialized
Parsing Config file: /opt/sentinel/sensor/conf/barnyard.conf
Args: mysql, database snort, server localhost, user sensor
Args: mysql, database snort, server localhost, user sensor, detail full
Barnyard Version 0.1.0 (Build 17) started
AcidDbOpStart
sensor_id == 1
OpAcidDB configuration details
Database Flavour: mysql
Detail Level: Fast
Database Server: localhost
Database User: sensor
SensorID: 1
AcidDbOpStart Complete
Exiting
AcidDbOpStop

------------------------------------------------------
Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
AlertCSV initialized
Parsing Config file: /opt/sentinel/sensor/conf/barnyard.conf
Args: mysql, database snort, server localhost, user sensor
Args: mysql, database snort, server localhost, user sensor, detail full
Barnyard Version 0.1.0 (Build 17) started
AcidDbOpStart
sensor_id == 2
OpAcidDB configuration details
Database Flavour: mysql
Detail Level: Full
Database Server: localhost
Database User: sensor
SensorID: 2
AcidDbOpStart Complete
Exiting
AcidDbOpStop

------------------------------------------------------
mysql -e "select * from sensor" snort

+-----+----------+-----------+--------+--------+----------+----------+
| sid | hostname | interface | filter | detail | encoding | last_cid |
+-----+----------+-----------+--------+--------+----------+----------+
|   1 | sensor2  | x         | x      |      0 |        0 |        0 |
|   2 | sensor2  | x         | x      |      1 |        0 |        0 |
+-----+----------+-----------+--------+--------+----------+----------+

-----Original Message-----
From: Jochen Vogel [mailto:jvogel () it-sec de]
Sent: Tuesday, 7 October 2003 14:49
To: snort-users () lists sourceforge net
Subject: [Snort-users] acid - barnyard - payload

hi, i use snort -> barnyard -> mysql <- acid and want to show the payloads.

i use 2 barnyard scripts:
barnalert for the alert file
barnlog for the log file

if i run barnalert i get messages but no payload
if i run barnlog i get nothing
if i run both barnalert get SID1 and barnlog get SID2 but acid shows SID1 only without payload
if i run both and give barnlog SID1 i get an error message because duplicate entries.

how can i show the payload?

thx for help
jo

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- AW: acid - barnyard - payload Jochen Vogel (Oct 08)
- <Possible follow-ups>
- AW: acid - barnyard - payload Jochen Vogel (Oct 09)
- AW: acid - barnyard - payload Jochen Vogel (Oct 13)