Snort mailing list archives
Troubleshooting barnyard
From: "Jason Lewis" <jlewis () packetnexus com>
Date: Mon, 15 Oct 2001 22:46:13 -0400
I realize it is beta, but I have high hopes for it. I see barnyard running through my existing spool files and it seems to be doing something. Nothing makes it into the DB though. Barnyard seems to connect to the DB correctly; I changed the user and it gave me an error.

Is there an order to starting snort and barnyard? Does one need to start first? Can I only run one instance of barnyard? Can the snort.alert and snort.log be the same file?

I couldn't find a whole lot to help me out, maybe I am overlooking something. Here is the output from the dry run (-R).

--== Initializing Barnyard ==--
-*> Barnyard! <*-
Version 0.1.0-beta4 (Build 5)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
and Andrew R. Baker (andrewb () uab edu)
Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
Parsing Config file: /etc/snort/barnyard.conf
Args: mysql, sensor_id prozac, database snort, server 10.10.0.17, user snort, password snort
Args: mysql, sensor_id prozac, database snort, server 10.10.0.17, user snort, password snort, detail full
Archive Directory is NULL
Config File =/etc/snort/barnyard.conf
Log Dir=/var/log/snort
Spool Dir=/var/log/snort
Spool File=snort.log
Waldo File is NULL
Sid File=/etc/snort/sid-msg.map
Gen File=/etc/snort/gen-msg.map
Record Number: 0
Log Flag: 0
File Arg Start: 0
Dry Run mode enabled
commandline:barnyard -R -c /etc/snort/barnyard.conf -d /var/log/snort -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -f snort.log

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.