Snort mailing list archives

Re: Having problem with Barnyard


From: Nick Moore <nmoore () sourcefire com>
Date: Wed, 23 Jun 2010 18:57:44 -0500

JJ,

snort -i eth1 -c /etc/snort/snort.conf (pretty boring really)

barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/barnyard2.waldo

Nick

On Wed, Jun 23, 2010 at 6:50 PM, JJC <cummingsj () gmail com> wrote:

What are your runtime options to start each snort and by2?

On Wed, Jun 23, 2010 at 4:32 PM, Nick Moore <nmoore () sourcefire com> wrote:

All,

I'm having a problem with Barnyard putting data into MySQL. Snort is
seeing events and the log file is increasing, but no events have yet been
written to the database.

I've attached my snort.conf and barnyard2.conf. Based on the Snort screen
output below, I'm sure events are triggering:


===============================================================================
Action Stats:
ALERTS: 246
LOGGED: 246
PASSED: 0
=====================

I'm sure I'm overlooking something simple. If anyone can point me in the
right direction, it would be much appreciated.

Thanks!

--
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore () sourcefire com
IM    nickgmoore (Yahoo)
      nickgmoore38 (AIM)

   ,,_
  o"  )~   Sourcefire - The Creators of Snort
   ''''

www.sourcefire.com         www.snort.org



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




