Snort mailing list archives

Re: Barnyard not logging alert classification


From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 17 Aug 2004 10:10:39 -0400

Try Barnyard 0.2.0; there was a lot of work done on Barnyard 0.2.0 to fix problems in the 0.1.0 implementation and streamline Barnyard's operation. Give it a shot!

     -Marty

On Aug 17, 2004, at 3:51 AM, Francis A. Vidal wrote:

Hi,

It appears that barnyard is not logging the alert classification. All I
can see from ACID are "unclassified" alerts. I'm running snort 2.2.0 and
barnyard 0.1.0. Here's my barnyard.conf file:

config daemon
config interface: bridge0
config filter: not port 22

processor dp_alert
processor dp_log
processor dp_stream_stat

output log_acid_db: mysql, sensor_id 1, database snort, server <server_ip>, user snort, password <password>, detail full

And here's the entry in /var/log/messages when barnyard starts:

Aug 17 15:49:33 ids barnyard: AcidDbOpStop
Aug 17 15:49:38 ids barnyard: Args: mysql, sensor_id 1, database snort, serve
Aug 17 15:49:38 ids barnyard: Initializing daemon mode
Aug 17 15:49:39 ids barnyard: Barnyard Version 0.1.0 (Build 17) started
Aug 17 15:49:39 ids barnyard: AcidDbOpStart
Aug 17 15:49:39 ids barnyard: OpAcidDB configuration details
Aug 17 15:49:39 ids barnyard: Database Flavour: mysql
Aug 17 15:49:39 ids barnyard: Detail Level: Full
Aug 17 15:49:39 ids barnyard: Database Server: 202.91.161.144
Aug 17 15:49:39 ids barnyard: Database User: snort
Aug 17 15:49:39 ids barnyard: SensorID: 1
Aug 17 15:49:39 ids barnyard: AcidDbOpStart Complete

/Francis


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org


