Snort mailing list archives
Barnyard2 + Snort
From: Fábio Ferrão <ferrao04 () gmail com>
Date: Thu, 25 Mar 2010 15:48:59 -0300
Dears,

My barnyard2 initializes successfully, but the alerts aren't being registered in BASE.

The snort.conf is:

# output database: log, mysql, user=snort password=test dbname=snort host=xx.xx.xx.xx sensor_name=test_server
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test
output alert_unified: filename snort_uni.alert, limit 128
output log_unified: filename snort_uni.log, limit 128
output unified2: filename snort.unified2, limit 128

The snort initialization is:

/etc/rc.conf
snort_enable="YES"
snort_flags="-D -q"
snort_interface="bge1"
snort_conf="/usr/local/snort/snort.conf"
snort_group="snortgrp"

The barnyard2.conf is:

config reference-map: /usr/local/snort/reference.config
config class-map: /usr/local/snort/classification.config
config gen-msg-map: /usr/local/snort/gen-msg.map
config sid-msg-map: /usr/local/snort/sid-msg.map
config hostname: teste_server
config interface: bge1
# Step 2: setup the input plugins
input unified2
output database: log, mysql, user=snort password=test dbname=snort host=xx.xx.xx.xx sensor_name=test_server
output database: alert, mysql, user=snort password=suporte dbname=snort host=xx.xx.xx.xx sensor_name=teste_server

The barnyard2 initialization is:

####BARNYARD2####
barnyard2_enable="YES"
barnyard2_flags="-D -q -d /var/spool/barnyard2 -f /var/log/snort/snort.unified2"
barnyard2_conf="/usr/local/etc/barnyard2.conf"

I'm trying, but barnyard isn't successful yet. Can somebody help me?

Thanks.

--
Fábio Ferrão
"E conhecereis a verdade e a verdade vos libertará". João 8.32
"And you will know the truth and the truth you will free". John 8.32
Current thread:
- Barnyard2 + snort Fábio Ferrão (Mar 25)
- Re: Barnyard2 + snort Jason Wallace (Mar 25)
- <Possible follow-ups>
- Re: Barnyard2 + snort snort (Mar 25)
- Barnyard2 + Snort Fábio Ferrão (Mar 25)
- Re: Barnyard2 + Snort snort (Mar 25)
- Re: Barnyard2 + Snort snort (Mar 25)
- Re: Barnyard2 + Snort snort (Mar 25)
- Re: Barnyard2 + Snort Fábio Ferrão (Mar 26)