Snort mailing list archives
Re: Barnyard not logging alert classification
From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 17 Aug 2004 10:10:39 -0400
Try Barnyard 0.2.0, there was a lot of work done on Barnyard 0.2.0 to fix problems in the 0.1.0 implementation and streamline Barnyard's operation. Give it a shot!
-Marty

On Aug 17, 2004, at 3:51 AM, Francis A. Vidal wrote:
Hi,

It appears that barnyard is not logging the alert classification. All I can see from ACID are "unclassified" alerts. I'm running snort 2.2.0 and barnyard 0.1.0.

Here's my barnyard.conf file:

config daemon
config interface: bridge0
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
output log_acid_db: mysql, sensor_id 1, database snort, server <server_ip>, user snort, password <password>, detail full

And here's the entry in /var/log/messages when barnyard starts:

Aug 17 15:49:33 ids barnyard: AcidDbOpStop
Aug 17 15:49:38 ids barnyard: Args: mysql, sensor_id 1, database snort, serve
Aug 17 15:49:38 ids barnyard: Initializing daemon mode
Aug 17 15:49:39 ids barnyard: Barnyard Version 0.1.0 (Build 17) started
Aug 17 15:49:39 ids barnyard: AcidDbOpStart
Aug 17 15:49:39 ids barnyard: OpAcidDB configuration details
Aug 17 15:49:39 ids barnyard: Database Flavour: mysql
Aug 17 15:49:39 ids barnyard: Detail Level: Full
Aug 17 15:49:39 ids barnyard: Database Server: 202.91.161.144
Aug 17 15:49:39 ids barnyard: Database User: snort
Aug 17 15:49:39 ids barnyard: SensorID: 1
Aug 17 15:49:39 ids barnyard: AcidDbOpStart Complete

/Francis

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
Current thread:
- Barnyard not logging alert classification Francis A. Vidal (Aug 17)
- Re: Barnyard not logging alert classification Martin Roesch (Aug 17)