Snort mailing list archives
Barnyard not reporting to syslog-ng
From: "Billy Marshall" <Billy.Marshall () state co us>
Date: Fri, 22 May 2009 08:38:33 -0600
Hi all, (apologies for any duplicate emails)

I have searched and fiddled with Barnyard for about a month and I am unable to get it to report to syslog-ng. I have been able to get Snort to report, so the syslog-ng.conf.in file is correct. Also, when I issue the following it appears in the /var/log/snort/snort.alert log file:

    logger -p local3.notice "THIS IS AN ALARMING ALARM"

Here are my configurations (I am on a DL380 G5 server running SuSE 10 r2). I have scripts to start and stop snort and barnyard, and to reload syslog-ng.conf.in:

    SuSEconfig --module syslog-ng

syslog-ng.conf.in:

    filter f_local3 { facility(local3); };

    # Send SNORT local3 logs to remote syslog daemon:
    destination snortlogremote { udp("xxx.xxx.xxx.xxx"); };
    log { source(src); filter(f_local3); destination(snortlogremote); };

    # Send SNORT local3 logs to logging file:
    destination snortlogs { file("/var/log/snort/snort.alert"); };
    log { source(src); filter(f_local3); destination(snortlogs); };

Snort.conf:

    output alert_unified: filename Snort.alert, limit 128
    output log_unified: filename Snort.log, limit 128

Barnyard.conf (I have tried both of these but not at the same time):

    output alert_syslog: LOG_AUTH | LOG_ALERT
    output alert_syslog2: severity:ALERT; facility:LOCAL3; syslog_host:localhost;

This is /var/log/messages. I never get any new data via syslog-ng but my database is growing.

    barnyard[6635]: Exiting
    barnyard[32477]: Initializing daemon mode
    barnyard[32478]: Opened spool file '/var/log/snort/Snort.log.1242239309'
    barnyard[32478]: Waiting for new data

Any help would be very appreciated.

Cheers.
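The following is an added example, not part of the original post or of Barnyard or syslog-ng. It models what the `filter f_local3 { facility(local3); }` line from the post actually tests: the facility encoded in each message's syslog PRI value (facility * 8 + severity, per RFC 3164). The three sample messages are constructed: one as `logger -p local3.notice` would emit it, one as `output alert_syslog: LOG_AUTH | LOG_ALERT` would emit it (the LOG_AUTH facility code is 4, so that message is not local3), and one as `output alert_syslog2: severity:ALERT; facility:LOCAL3` would emit it. The hostname `ids` and the signature id in the messages are placeholders. It also carries, as a comment, the assumption that the distro's `source(src)` reads only the local /dev/log socket, which matters because `syslog_host:localhost` sends over UDP instead.

```python
import re

# Syslog facility and severity codes as defined in RFC 3164 / RFC 5424.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}
FACILITY_NAMES = {v: k for k, v in FACILITIES.items()}
SEVERITY_NAMES = {v: k for k, v in SEVERITIES.items()}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def encode_pri(facility, severity):
    """PRI value that `logger -p facility.severity` (or any daemon) puts in front of a message."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def decode_pri(pri):
    """Split a PRI value back into (facility, severity) names."""
    return FACILITY_NAMES[pri // 8], SEVERITY_NAMES[pri % 8]


def parse_syslog_line(line):
    """Parse '<PRI>rest' into a dict; raise ValueError on a malformed header."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing <PRI> header: %r" % line)
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = decode_pri(pri)
    return {"facility": facility, "severity": severity, "msg": m.group(2)}


def facility_filter_matches(allowed_facilities, line):
    """Model of syslog-ng's `filter f { facility(local3); }` applied to one message."""
    return parse_syslog_line(line)["facility"] in allowed_facilities


# Constructed sample messages, as they would arrive at the syslog daemon.
# Hostname "ids" and the signature id 1000001 are placeholders.
SAMPLE_MESSAGES = {
    # `logger -p local3.notice "..."` from the post: PRI 19*8+5 = 157, facility local3.
    "logger": "<157>May 22 08:38:33 ids logger: THIS IS AN ALARMING ALARM",
    # `output alert_syslog: LOG_AUTH | LOG_ALERT`: PRI 4*8+1 = 33, facility auth, not local3.
    "alert_syslog": "<33>May 22 08:40:01 ids barnyard[32478]: [1:1000001:1] constructed test alert",
    # `output alert_syslog2: severity:ALERT; facility:LOCAL3; syslog_host:localhost`:
    # PRI 19*8+1 = 153, facility local3. This one is sent over UDP to localhost:514,
    # so it only reaches the filter if source(src) includes a udp() source; the SuSE
    # default source is assumed here to read only the local /dev/log socket.
    "alert_syslog2": "<153>May 22 08:40:02 ids barnyard[32478]: [1:1000001:1] constructed test alert",
}


def route_through_f_local3(messages=SAMPLE_MESSAGES):
    """Return {name: bool} saying which messages the f_local3 filter would pass to its destinations."""
    return {name: facility_filter_matches({"local3"}, line) for name, line in messages.items()}


if __name__ == "__main__":
    for name, passed in route_through_f_local3().items():
        parsed = parse_syslog_line(SAMPLE_MESSAGES[name])
        print("%-14s %s.%-7s -> %s" % (name, parsed["facility"], parsed["severity"],
                                       "passes f_local3" if passed else "dropped by f_local3"))
```

Running it prints one line per sample, showing that only messages whose PRI decodes to facility local3 reach the `snortlogs` and `snortlogremote` destinations; a message tagged with the auth facility is silently dropped by that filter, which is why checking the facility a producer actually emits (with `logger -p` at the same facility.severity) is the first thing to verify when a syslog destination stays empty.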
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users