Snort mailing list archives

Re: barnyard 2 not outputting logs to mysql


From: JJ Cummings <cummingsj () gmail com>
Date: Wed, 7 Apr 2010 10:19:37 -0600

You are wrong :-) .. unified2 is a single unified output that contains all
of the data that you need:

output unified2: filename snort.unified2, limit 128

That should do it.. then read the snort.unified2 spool files with barnyard2
and verify that you are generating events with snort...

barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.unified2 -w /var/log/snort/by2.waldo


On Wed, Apr 7, 2010 at 10:15 AM, Kum Weng Luey <kumwengluey () gmail com> wrote:

Yes, I guess I have written it to unified2 files. Below is how I wrote it.


output alert_unified2: filename snort.alert, limit 128
output log_unified2: filename snort.log, limit 128

My barnyard command goes like this:

barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.alert -w /var/log/snort/by2.waldo

Please correct me if I am wrong.
Thanks
KW

On Thu, Apr 8, 2010 at 12:11 AM, JJ Cummings <cummingsj () gmail com> wrote:

Make sure that you are writing unified2 from snort and reading those files
with barnyard2.. also that you have events being generated and thusly
populated into said unified2 files.

JJC

On Wed, Apr 7, 2010 at 10:04 AM, Kum Weng Luey <kumwengluey () gmail com> wrote:

  Hi all,

A query yet again: I have used barnyard2 in place of barnyard after much
consideration and configured it the way I did for barnyard.
Everything was working fine until I checked the mysql tables. Nothing was output
to the database.
I've checked my barnyard2 config file and double-checked the database
username and password.
Everything seems right. Could I have missed something that I did not
notice? Thank you, peeps, for any help rendered.




Regards,

KW


------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
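
The advice in this thread is to confirm that Snort is actually writing events into the unified2 spool before debugging barnyard2's database output. The following is an added example, not code from the thread or from the Snort or barnyard2 projects: it walks the 8-byte record headers of a unified2 file and counts event records. The record type codes are the ones defined in Snort's unified2 header; the sample bytes are constructed, and the spool path in the usage line is an assumption based on the paths quoted above.

```python
import struct
import sys
from collections import Counter

# Unified2 record type codes (Snort's Unified2 format).
EVENT_TYPES = {7: "IDS event", 72: "IDS event (IPv6)",
               104: "IDS event v2", 105: "IDS event v2 (IPv6)"}
OTHER_TYPES = {2: "packet", 110: "extra data"}

def count_records(data: bytes) -> Counter:
    """Walk records: 8-byte header (type, length; big-endian), then the body."""
    counts = Counter()
    offset = 0
    while offset + 8 <= len(data):
        rtype, rlen = struct.unpack_from(">II", data, offset)
        offset += 8
        if offset + rlen > len(data):
            # Snort may still be writing the last record of a live spool file.
            counts["truncated"] += 1
            break
        name = EVENT_TYPES.get(rtype) or OTHER_TYPES.get(rtype) or f"unknown({rtype})"
        counts[name] += 1
        offset += rlen
    return counts

def has_events(counts: Counter) -> bool:
    """True if at least one alert/event record is present."""
    return any(counts[name] for name in EVENT_TYPES.values())

def _record(rtype: int, body: bytes) -> bytes:
    """Build one record for the constructed sample below."""
    return struct.pack(">II", rtype, len(body)) + body

# Constructed sample: one event record followed by one packet record.
# Bodies are zero-filled placeholders, not real alert data.
SAMPLE = _record(7, bytes(52)) + _record(2, bytes(40))

if __name__ == "__main__":
    # Usage (path is an assumption; Snort appends a timestamp to the name):
    #   python u2count.py /var/log/snort/snort.unified2.*
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            counts = count_records(fh.read())
        status = "events present" if has_events(counts) else "NO events"
        print(f"{path}: {status} {dict(counts)}")
```

A spool file that reports no events points at the Snort side (rules, interface, output configuration) rather than at barnyard2's database settings.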







