Snort mailing list archives
Making zero headway with barnyard
From: Michael Miller <michael.miller () state co us>
Date: Thu, 18 Mar 2004 15:23:13 -0700
(see bottom of email for germane configs)

I've got a snort system up and running with MySQL and ACID on a SuSE 8.2 box, all compiled from code, all works as advertised. I can't get Barnyard to work...at all. Can you see anything obvious I'm missing?

===============Details===================

I've built Snort with './configure --with-mysql=/usr/local/mysql' and it generates a makefile with MySQL support just fine.

I've built Barnyard (both 0.1.0 and 0.2.0) using './configure --with-mysql' and see no output referencing MySQL.

The snort.conf on the sensor is writing unified alert and log files. The command to run snort is:

    '-c /home/ids/rules/snort.conf -l /home/ids/logs -D -i eth1'

I've FINALLY got barnyard to stop complaining about bad magic numbers by removing the -Xbed flags.

I can't get Barnyard to generate ANY outputs; it gives:

    'Unknown output plugin "XXX" referenced, ignoring!'

where XXX = log_acid_db, log_dump, log_pcap or alert_acid_db.

I'm calling barnyard with:

    barnyard -c /etc/snort/barnyard.ids3.conf -d /home/idsdb/logs/ids3 -f snort.log -R

The relevant part of the sensor's snort.conf is:

===========
## Output Modules
## --------------
#output database: log, mysql, dbname=db user=root host=localhost password=test
#output log_tcpdump: tcpdump.log
output log_unified: filename snort.log, limit 128
#
#output alert_syslog: LOG_AUTH LOG_ALERT
output alert_unified: filename snort.alert, limit 128
============

The relevant part of barnyard.ids3.conf is:

============
# acid_db
#-------------------------------
# Available as both a log and alert output plugin.  Used to output data into
# the db schema used by ACID
# Arguments:
#     $db_flavor - what flavor of database (ie, mysql)
#     sensor_id $sensor_id - integer sensor id to insert data as
#     database $database - name of the database
#     server $server - server the database is located on
#     user $user - username to connect to the database as
#     password $password - password for database authentication
#
# output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root
# output log_acid_db: mysql, database snort, server localhost, user root, detail full
#output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user snortuser, password snortpassword
output log_acid_db: mysql, database snort, server localhost, user snortuser, password snortuser, detail full
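A small sanity check for a Snort unified-output / Barnyard pairing like the one in the post, added here as an example (not code from the thread or from the Barnyard project). It parses the active "output" lines of both configs, confirms the Barnyard -f spool prefix matches a unified filename Snort actually writes, checks that each Barnyard log_/alert_ plugin has the matching unified output on the sensor, and flags a database password kept in the config file. The sample config text is constructed from the post's snippets.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the output lines from the post's snort.conf and
# barnyard.ids3.conf (commented lines kept on purpose to exercise the parser).
SNORT_CONF = """\
#output database: log, mysql, dbname=db user=root host=localhost password=test
output log_unified: filename snort.log, limit 128
#output alert_syslog: LOG_AUTH LOG_ALERT
output alert_unified: filename snort.alert, limit 128
"""

BARNYARD_CONF = """\
# output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root
output log_acid_db: mysql, database snort, server localhost, user snortuser, password snortuser, detail full
"""

OUTPUT_RE = re.compile(r"^\s*output\s+([A-Za-z_]+)\s*:\s*(.*)$")


def active_outputs(conf: str) -> List[Tuple[str, str]]:
    """Return (plugin, args) for every non-commented 'output' line."""
    found = []
    for line in conf.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented out, so Snort/Barnyard never see it
        m = OUTPUT_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2).strip()))
    return found


def unified_filenames(snort_conf: str) -> Dict[str, str]:
    """Map each active unified plugin to the filename prefix Snort writes."""
    names = {}
    for plugin, args in active_outputs(snort_conf):
        if plugin in ("log_unified", "alert_unified"):
            m = re.search(r"filename\s+([^,\s]+)", args)
            if m:
                names[plugin] = m.group(1)
    return names


def check_barnyard(snort_conf: str, barnyard_conf: str, spool_prefix: str) -> List[str]:
    """Return findings for the sensor/Barnyard pairing; empty list means consistent."""
    findings = []
    names = unified_filenames(snort_conf)
    if spool_prefix not in names.values():
        findings.append(f"-f {spool_prefix} matches no unified filename {sorted(names.values())}")
    for plugin, args in active_outputs(barnyard_conf):
        if plugin.startswith("log_") and "log_unified" not in names:
            findings.append(f"{plugin} needs an active log_unified output in snort.conf")
        if plugin.startswith("alert_") and "alert_unified" not in names:
            findings.append(f"{plugin} needs an active alert_unified output in snort.conf")
        if re.search(r"\bpassword\s+\S+", args):
            findings.append(f"{plugin}: database password is stored in the config; restrict file permissions")
    return findings
```

It does not tell you whether a plugin was compiled into the Barnyard binary, which is what the "Unknown output plugin" message points at; it only catches the config-level mismatches that produce silent no-output runs.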