Snort mailing list archives

Re: Barnyard syslog problem


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Wed, 8 Jul 2009 16:26:43 -0600

Hi Joel,

I'm using two separate waldo files, and I was also under the impression that you HAVE to run two separate barnyard instances if you want to do what I am trying to do (send log to BASE and send alert to syslog).  Do you know differently?  (I did try it originally; it didn't work.)



________________________________
From: Joel Esler [mailto:jesler () sourcefire com]
Sent: July 08, 2009 3:21 PM
To: Jefferson, Shawn
Cc: Snort Users
Subject: Re: [Snort-users] Barnyard syslog problem

On Wed, Jul 8, 2009 at 6:06 PM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:

/usr/local/bin/barnyard -c /etc/snort/barnyard-alert.conf -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort -f snort.alert -w /etc/snort/byalert.waldo -a /tmp/ &

<Shot in the dark to eliminate stupid things>
Are you using the same waldo file for both barnyard instances?

Wait, why are you running two barnyards?  Use one.  The one that works.

J



--
joel esler | Sourcefire | AIM: eslerjoel | 302-223-5974


