Snort mailing list archives

Re: log alert to database using barnyard2


From: Y M <snort () outlook com>
Date: Mon, 29 Jul 2013 20:15:04 +0000

inline.

Date: Tue, 30 Jul 2013 03:06:25 +0700
From: gizhworld () gmail com
To: snort-users () lists sourceforge net
Subject: [Snort-users] log alert to database using barnyard2

I have a little problem with logging alerts to a database using barnyard. When I start snort to detect attacks using 
the syntax snort -A console -q -i eth0 -c /usr/local/snort/etc/snort.conf, snort can come up with the alert, but the 
alert can't be entered into the database.

The -A console will log alerts to the console and not to a unified2 log file that Barnyard expects. Remove the -A 
console from your command and specify the barnyard2 output plugin in the snort.conf file, for example:
output unified2: filename snort.log, limit 128

When I run this syntax:
/usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/barnyard/barnyard2.waldo

I got an error: FATAL ERROR: The gene map file was included two times the command line (-G) [/usr/local/snort/etc/gen-msg.map] 
and in the configuration file (config gen_map) [/usr/local/snort/etc/gen-msg.map] need to 
be defined only once.

Maybe you are specifying the gen-msg.map file in both the barnyard.conf file as well as your command? Try specifying 
it in one place.

Can somebody tell me where my mistake is?
Thank you. 

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!                                        
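
A preflight check for the two problems raised in this thread, as an added example that is not part of the original posts or of the Snort or barnyard2 projects: it flags `-A console` on the Snort command line, a missing `output unified2:` line in snort.conf, and a map file given both on the barnyard2 command line and in barnyard2.conf. The function names, the temporary sample files, the `-S` check (the thread only reports `-G`) and the acceptance of `gen_file`/`sid_file` as directive spellings are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: preflight check for the two mistakes discussed in this thread.
# The sample files written by demo() are constructed for the demonstration.

# True if FILE ($1) has an uncommented line starting with extended regex $2.
has_directive() { grep -Eq "^[[:space:]]*$2" "$1"; }

# preflight SNORT_CONF BARNYARD2_CONF "SNORT ARGS" "BARNYARD2 ARGS"
# Prints one line per problem; the return status is the number of problems.
preflight() {
    local snort_conf="$1" by_conf="$2" snort_args="$3" by_args="$4"
    local problems=0 pair flag kind
    # Per the reply: -A console logs to the console, not to a unified2 file.
    case " $snort_args " in
        *" -A console "*)
            echo "snort: remove -A console so alerts go to the unified2 output"
            problems=$((problems + 1)) ;;
    esac
    if ! has_directive "$snort_conf" 'output[[:space:]]+unified2:'; then
        echo "$snort_conf: no 'output unified2:' line for barnyard2 to read"
        problems=$((problems + 1))
    fi
    # A map passed with -G/-S must not also be set in barnyard2.conf. The error
    # on the page names "config gen_map"; *_file is accepted as an assumption.
    for pair in "-G gen" "-S sid"; do
        flag=${pair% *}; kind=${pair#* }
        case " $by_args " in
            *" $flag "*)
                if has_directive "$by_conf" "config[[:space:]]+${kind}_(file|map)"; then
                    echo "barnyard2: $flag duplicates 'config ${kind}_...' in $by_conf"
                    problems=$((problems + 1))
                fi ;;
        esac
    done
    return "$problems"
}

# Constructed sample reproducing the situation described in the thread.
demo() {
    local d; d=$(mktemp -d)
    printf '# output unified2: filename snort.log, limit 128\n' > "$d/snort.conf"
    printf 'config gen_map: /usr/local/snort/etc/gen-msg.map\n' > "$d/barnyard2.conf"
    preflight "$d/snort.conf" "$d/barnyard2.conf" \
        "-A console -q -i eth0 -c $d/snort.conf" \
        "-c $d/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2"
    local rc=$?; rm -rf "$d"; return "$rc"
}

demo || echo "problems found: $?"
```
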
  
