Snort mailing list archives
Barnyard and log_dump
From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 12 Sep 2006 17:00:19 -0400
I'm trying to get barnyard-0.2.0 and snort-2.4.5 working on a new sensor. I'm trying to get barnyard to log with 'log_dump' output. It looks like I have it configured correctly, but when events are triggered, I see a change in the mtime of the snort.alert.* unified files from snort as well as the barnyard snort-bookmark waldo file, but snort.out is never created. I've verified that file permissions are not the issue. I'm sure it's something stupid, but I'm stuck. Any ideas?

$ cat barnyard-deep.conf
config daemon
config localtime
config hostname: convict
config interface: eth1
config sid-msg-map: /opt/snort/rules/sid-msg.map
config class-file: /opt/snort/rules/classification.config
output log_dump: /opt/barnyard/snort.out

$ /opt/barnyard/barnyard -c /opt/barnyard/barnyard.conf -d /opt/snort/var/log/snort -f snort.alert -w /opt/barnyard/snort-bookmark -X /var/run/by.pid -L /opt/barnyard -vvvv -R
Barnyard Version 0.2.0 (Build 32)
Command line arguments:
  Config file: /opt/barnyard/barnyard.conf
  Spool dir: /opt/snort/var/log/snort
  Gen-msg file: Not specified
  Sid-msg file: Not specified
  Class file: Not specified
  Log dir: /opt/barnyard
  Archive dir: Not specified
  File base: snort.alert
  Waldo file: /opt/barnyard/snort-bookmark
  Pid file: /var/run/by.pid
  Verbosity level: 4
  Dry run flag: Set
  Batch mode flag: Not Set
  Daemon flag: Not Set
  New records only flag: Not Set
  Usage flag: Not Set
  Version flag: Not Set
Config file variables:
  Hostname: snort
  Interface: eth1
  BPF Filter: Not specified
  Class file: /opt/snort/rules/classification.config
  Sid-msg file: /opt/snort/rules/sid-msg.map
  Gen-msg file: /opt/snort/rules/gen-msg.map
  Daemon flag: Not Set
  Localtime flag: Set
Starting data processing using information from bookmark file
Program Variables:
  Continual processing mode
  Config dir: /opt/barnyard
  Config file: /opt/barnyard/barnyard.conf
  Sid-msg file: /opt/snort/rules/sid-msg.map
  Gen-msg file: /opt/snort/rules/gen-msg.map
  Class file: /opt/snort/rules/classification.config
  Hostname: snort
  Interface: eth1
  BPF Filter:
  Log dir: /opt/barnyard
  Verbosity: 4
  Localtime: 1
  Spool dir: /opt/snort/var/log/snort
  Spool file: snort.alert
  Bookmark file: /opt/barnyard/snort-bookmark
  Record Number: 36
  Timet: 1158033662
  Start at end: 0
Output plugins enabled for 'alert' records
-------------------------------------------------------
  None configured
=======================================================
Output plugins enabled for 'log' records
-------------------------------------------------------
  OpLogDump configured
    Filename: /opt/barnyard/snort.out
=======================================================
Output plugins enabled for 'stream_stat' records
-------------------------------------------------------
  None configured
=======================================================

Thanks,
PaulM
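The verbose startup report in the post already contains enough to explain a missing output file, so a small checker over that report is a useful sanity step before a sensor goes live. The script below is an added example, not code from the post or from the Barnyard project: it parses the kind of dump Barnyard 0.2 prints with -vvvv (the sample is the post's own report, re-wrapped one item per line) and flags two states that keep an output file from ever appearing, a dry run ("Dry run flag: Set", under which nothing is written) and a spool file whose record type has no output plugin attached. The one assumption it adds is the unified-format naming Snort 2.x uses: snort.alert.* files carry 'alert' records and snort.log.* files carry 'log' records, and log_dump is a 'log' record plugin.

```python
"""Sanity-check a Barnyard 0.2 verbose startup dump before trusting its output.

Added example, not code from the mailing list post or from the Barnyard
project. It reads the startup report Barnyard prints with -vvvv and reports
configuration states under which no output file will be written.
"""
import re

# Constructed sample: the startup report from the post, one item per line.
SAMPLE_STARTUP = """\
Barnyard Version 0.2.0 (Build 32)
Command line arguments:
  File base: snort.alert
  Dry run flag: Set
  Batch mode flag: Not Set
Program Variables:
  Continual processing mode
  Spool dir: /opt/snort/var/log/snort
  Spool file: snort.alert
  Bookmark file: /opt/barnyard/snort-bookmark
Output plugins enabled for 'alert' records
-------------------------------------------------------
  None configured
=======================================================
Output plugins enabled for 'log' records
-------------------------------------------------------
  OpLogDump configured
    Filename: /opt/barnyard/snort.out
=======================================================
Output plugins enabled for 'stream_stat' records
-------------------------------------------------------
  None configured
=======================================================
"""

_PLUGIN_HDR = re.compile(r"Output plugins enabled for '(\w+)' records")


def parse_startup(text):
    """Return {'dry_run': bool, 'spool_file': str, 'plugins': {record_type: [plugin names]}}."""
    report = {"dry_run": False, "spool_file": None, "plugins": {}}
    current = None  # record type of the plugin section being read
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Dry run flag:"):
            report["dry_run"] = line.split(":", 1)[1].strip() == "Set"
        elif line.startswith("Spool file:"):
            report["spool_file"] = line.split(":", 1)[1].strip()
        m = _PLUGIN_HDR.match(line)
        if m:
            current = m.group(1)
            report["plugins"][current] = []
        elif current and line.endswith(" configured") and line != "None configured":
            # "OpLogDump configured" -> "OpLogDump"
            report["plugins"][current].append(line[: -len(" configured")])
        elif line.startswith("====="):
            current = None  # end of a plugin section
    return report


def record_type_for(spool_file):
    """Map a unified file base name to the record type Barnyard routes it to.

    Assumption (Snort 2.x unified naming): snort.alert.* holds alert records,
    snort.log.* holds log records.
    """
    if spool_file.startswith("snort.alert"):
        return "alert"
    if spool_file.startswith("snort.log"):
        return "log"
    return None


def diagnose(report):
    """List the reasons this configuration will produce no output file."""
    findings = []
    if report["dry_run"]:
        findings.append("dry run is set: records are parsed but no output plugin writes anything")
    rtype = record_type_for(report["spool_file"] or "")
    if rtype and not report["plugins"].get(rtype):
        others = sorted(t for t, names in report["plugins"].items() if names)
        findings.append(
            f"spool file {report['spool_file']} carries '{rtype}' records but no "
            f"'{rtype}' output plugin is configured (plugins exist only for {others})"
        )
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_startup(SAMPLE_STARTUP)):
        print("-", finding)
```

Run against the post's report, the checker returns two findings: the dry-run flag is set, and the spool file snort.alert is routed to the 'alert' record path while the only configured plugin (OpLogDump) sits on the 'log' path. Feeding it a report with the dry run cleared and a snort.log spool file yields no findings, which is the state in which a log_dump file would be written.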
Current thread:
- Barnyard and log_dump Paul Melson (Sep 12)
- Re: Barnyard and log_dump Bamm Visscher (Sep 12)