Snort mailing list archives
Re: Barnyard not inserting into acid_*
From: sekure <sekure () gmail com>
Date: Wed, 23 Jun 2004 10:16:51 -0400
You only need log_acid_db, since alert_acid_db will only duplicate the entries... But that's not the root of your issue. Do you have the snort database and tables created in the database? Can you connect to the database with mysql client with the root user and manipulate the tables? Enable error logging on the mysql server and see what barnyard is trying to do. On Wed, 23 Jun 2004 12:20:00 +1000, Rudi Starcevic <tech () wildcash com> wrote:
Hi, I've got Snort, Mysql, Acid and Barnyard installed and running OK on FreeBSD with one small hitch. So far I'm unable to get Barnyard to insert into any of the 4 acid_* tables. I can't see where I'm going wrong and have been trying on and off for a couple days so I though I'd ask. After running the commands: /usr/local/barnyard/bin/barnyard -c /usr/local/snort/etc/barnyard.conf -o /var/log/snort/snort.alert.1087948218 /usr/local/barnyard/bin/barnyard -c /usr/local/snort/etc/barnyard.conf -o /var/log/snort/snort.log.1087948218 The binary log files are processed without error but no data is inserted into the acid tables, only the standard snort tables. I have this in my snort.conf: output alert_unified: filename snort.alert, limit 128 output log_unified: filename snort.log, limit 128 and this in my barnyard.conf: output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root, password xxxxx, detail full output log_acid_db: mysql, sensor_id 1, database snort, server localhost, user root, password xxxxx, detail full Can you see where I may be going wrong and how I may fix it ?? Many thanks Kind regards Rudi. ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Barnyard not inserting into acid_* Rudi Starcevic (Jun 22)
- Re: Barnyard not inserting into acid_* sekure (Jun 23)
- Re: Barnyard not inserting into acid_* Rudi Starcevic (Jun 23)
- <Possible follow-ups>
- RE: Barnyard not inserting into acid_* VanBrecht, Jason (Jun 24)
- Re: Barnyard not inserting into acid_* sekure (Jun 24)
- Re: Barnyard not inserting into acid_* Rudi Starcevic (Jun 24)
- Re: Barnyard not inserting into acid_* sekure (Jun 23)