Snort mailing list archives
Re: Barnyard: Syslog output FAIL!
From: Nick Moore <nmoore () sourcefire com>
Date: Fri, 13 Nov 2009 12:25:32 -0600
Wilson,

I covered this in my setup guides on Snort.org. Please download either the Fedora or Ubuntu version and give it a shot.

Sent from my mobile device.

Nick Moore
Phone 708-336-9041
Email nmoore () Sourcefire com

On Nov 13, 2009, at 10:57, "Chan, Wilson" <wchan () honolulu gov> wrote:

> Are there any howtos on getting barnyard2 working? I tried Google and didn't seem to find any complete configs and templates on getting barnyard2 working with mysql and syslog.
>
> ----- Original Message -----
> From: Jason Wallace <jason.r.wallace () gmail com>
> To: snort-users () lists sourceforge net <snort-users () lists sourceforge net>
> Sent: Fri Nov 13 04:26:26 2009
> Subject: Re: [Snort-users] Barnyard: Syslog output FAIL!
>
> I would recommend having snort output using the unified2 format and use barnyard2
>
> http://www.securixlive.com/barnyard2/download.php
>
> The unified2 format has both the alert and log information in one file so you only need one instance of barnyard2. The original barnyard is outdated, unmaintained, and does not support unified2. You're not likely to get a lot of help using the original version of barnyard.
>
> On Thu, Nov 12, 2009 at 9:37 PM, Chan, Wilson <wchan () honolulu gov> wrote:
>> Why is barnyard not outputting to syslog? Configurations below:
>>
>> What is driving me nuts is when I run in batch mode for snort.log nothing happens on syslog, but as soon as I run batch mode in alert it gets output. How do you get syslog to report on the snort.log files in daemon mode?
>>
>> barnyard -o snort.log.1258079148 -v
>> barnyard -o snort.alert.1258079148 -v
>>
>> ==barnyard.conf==
>> config daemon
>> config localtime
>> config hostname: snort-test-laptop
>> config interface: eth2
>> output log_dump
>> output alert_syslog: LOG_LOCAL4 LOG_ALERT
>>
>> ==/etc/syslog.conf==
>> #Output logs from Barnyard to Syslog Server (remote)
>> local4.* @192.168.1.1
>>
>> Wilson
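The setup recommended in the thread (Snort writing unified2, a single barnyard2 instance sending alerts to syslog and MySQL), sketched as an added example that is not part of the original messages or the Snort.org guides. The hostname, interface, syslog facility and remote syslog server are taken from the original post; all file paths, the `snort.u2` file name and the database credentials are assumed placeholders.

```conf
# ---- snort.conf (assumed location: /etc/snort/snort.conf) ----
# One unified2 spool file carries both alert and packet (log) records,
# replacing the separate alert_unified / log_unified outputs.
output unified2: filename snort.u2, limit 128

# ---- barnyard2.conf (assumed location: /etc/snort/barnyard2.conf) ----
# Map files let barnyard2 turn gid/sid/classification numbers into text.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map

config hostname:  snort-test-laptop
config interface: eth2
config localtime

# Read the unified2 spool written by Snort.
input unified2

# Same facility/priority as the original barnyard.conf in this thread.
output alert_syslog: LOG_LOCAL4 LOG_ALERT

# MySQL output; requires barnyard2 built with MySQL support.
# Credentials below are placeholders.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost

# ---- /etc/syslog.conf (unchanged from the original post) ----
# local4.* @192.168.1.1

# ---- Running barnyard2 (paths assumed) ----
# -d spool directory, -f base name of the unified2 files,
# -w waldo (bookmark) file so a restart resumes where it stopped,
# -D run as a daemon.
#
#   barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort \
#             -f snort.u2 -w /var/log/snort/barnyard2.waldo -D
```

Restart the syslog daemon after editing `/etc/syslog.conf`; a test message sent with `logger -p local4.alert` confirms the forwarding rule independently of barnyard2.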
Current thread:
- Barnyard: Syslog output FAIL! Chan, Wilson (Nov 12)
- Re: Barnyard: Syslog output FAIL! Jason Wallace (Nov 13)
- <Possible follow-ups>
- Re: Barnyard: Syslog output FAIL! Chan, Wilson (Nov 13)
- Re: Barnyard: Syslog output FAIL! Nick Moore (Nov 13)