Snort mailing list archives

Re: Barnyard syslog problem


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Wed, 8 Jul 2009 16:54:54 -0600

Looking into running two output plugins (one for alert and one for log unified files) with one barnyard instance, and 
the configuration allows me to specify both, and testing with -R shows both, but how does the bookmark file work in 
this scenario?  Any barnyard experts know?  Do you have to run two instances if you want to process both the alert and 
log unified files with barnyard?

The bookmark file looks like this (for my alert barnyard):
/var/log/snort
snort.alert
1246658739
205

Thanks,
Shawn
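Added example (not code from the thread or from the Barnyard project): a small parser for the four-line bookmark layout quoted above, plus the check behind the "same waldo file for both instances?" question. It assumes the four fields are spool directory, base filename, file timestamp and record count, and that unified spool files are named <base>.<timestamp>; both are assumptions, not something the thread confirms.

```python
"""Parse a Barnyard waldo (bookmark) file and work out where processing resumes."""
import os
from dataclasses import dataclass

# Constructed sample, copied from the layout shown in the post (not read from disk).
SAMPLE_WALDO = "/var/log/snort\nsnort.alert\n1246658739\n205\n"


@dataclass(frozen=True)
class Bookmark:
    directory: str   # spool directory (barnyard -d)
    base_name: str   # unified base filename (barnyard -f)
    timestamp: int   # timestamp suffix of the spool file being read
    record: int      # records already processed in that file

    def spool_path(self) -> str:
        """Path of the spool file the bookmark points into (assumed <base>.<timestamp> naming)."""
        return os.path.join(self.directory, f"{self.base_name}.{self.timestamp}")


def parse_waldo(text: str) -> Bookmark:
    """Parse the four-line format strictly, so a truncated or corrupt bookmark
    fails loudly instead of silently replaying or skipping events."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) != 4:
        raise ValueError(f"expected 4 non-empty lines, got {len(lines)}")
    directory, base_name, ts, rec = lines
    if not os.path.isabs(directory):
        raise ValueError("spool directory must be an absolute path")
    if not (ts.isdigit() and rec.isdigit()):
        raise ValueError("timestamp and record count must be non-negative integers")
    return Bookmark(directory, base_name, int(ts), int(rec))


def tracks_same_spool(a: Bookmark, b: Bookmark) -> bool:
    """A bookmark identifies exactly one spool (directory + base name); two barnyard
    instances whose bookmarks agree on both are fighting over the same position."""
    return (a.directory, a.base_name) == (b.directory, b.base_name)
```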


________________________________
From: Jefferson, Shawn [mailto:Shawn.Jefferson () bcferries com]
Sent: July 08, 2009 3:27 PM
To: Joel Esler
Cc: Snort Users
Subject: Re: [Snort-users] Barnyard syslog problem

Hi Joel,

I'm using two separate waldo files, and I was also under the impression that you HAVE to run two separate barnyard 
instances if you want to do what I am trying to do (send log to BASE and send alert to syslog).  Do you know 
differently?  (I did try it originally and it didn't work.)



________________________________
From: Joel Esler [mailto:jesler () sourcefire com]
Sent: July 08, 2009 3:21 PM
To: Jefferson, Shawn
Cc: Snort Users
Subject: Re: [Snort-users] Barnyard syslog problem

On Wed, Jul 8, 2009 at 6:06 PM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:

/usr/local/bin/barnyard -c /etc/snort/barnyard-alert.conf -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d 
/var/log/snort -f snort.alert -w /etc/snort/byalert.waldo -a /tmp/ &
<Shot in the dark to eliminate stupid things>
Are you using the same waldo file for both barnyard instances?

Wait, why are you running two barnyards?  use one.  The one that works.

J



--
joel esler | Sourcefire | AIM: eslerjoel | 302-223-5974


