Snort mailing list archives
Re: Barnyard2 conf syntax for syslog
From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Fri, 4 Sep 2009 15:24:14 -0600
Really? When I try that (with an IP address, not a hostname), I get this message in the daemon.log:

Sep 4 14:18:22 bcfids02 barnyard2: WARNING => Unrecognized syslog facility/priority: 1.1.1.1

My output line in the barnyard2.conf file is:

output alert_syslog: 172.16.8.196 LOG_AUTH LOG_INFO

I even tried LOG_AUTH_LOG_INFO like in your email, which I think is a typo, but it didn't work either (same message in the daemon.log).

-----Original Message-----
From: Paul Schmehl [mailto:pschmehl_lists () tx rr com]
Sent: Friday, September 04, 2009 1:43 PM
To: Jefferson, Shawn; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Barnyard2 conf syntax for syslog

Yes, I did mean colon, not semi-colon. I tested that config on my sensor, and it worked fine. IOW, "output alert_syslog: hostname.utdallas.edu LOG_AUTH_LOG_INFO" worked for me. Note that there are no commas separating the values of the various attributes, just spaces. I tested this on a working install of barnyard2 on amd64 FreeBSD 7.2.

--On Friday, September 04, 2009 14:21:04 -0500 "Jefferson, Shawn" <Shawn.Jefferson () bcferries com> wrote:
That was just a typo in my email, I have the colon (you mean colon not semi-colon right?) in the conf file.
--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson