Snort mailing list archives
Re: Barnyard2 + Snort
From: <snort () leeclemens net>
Date: Thu, 25 Mar 2010 17:31:00 -0400
I believe -f uses the prefix, not the full directory path supplied after -d. If using continuous mode, you should configure the waldo file, or use -w as well.

-----Original Message-----
From: Fábio Ferrão <ferrao04 () gmail com>
Date: Thu Mar 25, 2010 14:50

Dears,

My barnyard2 is initialized with success, but the alerts aren't registering in BASE.

The snort.conf is:

# output database: log, mysql, user=snort password=test dbname=snort host=xx.xx.xx.xx sensor_name=test_server
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test
output alert_unified: filename snort_uni.alert, limit 128
output log_unified: filename snort_uni.log, limit 128
output unified2: filename snort.unified2, limit 128

The snort initialization is:

/etc/rc.conf
snort_enable="YES"
snort_flags="-D -q"
snort_interface="bge1"
snort_conf="/usr/local/snort/snort.conf"
snort_group="snortgrp"

The barnyard2.conf is:

config reference-map: /usr/local/snort/reference.config
config class-map: /usr/local/snort/classification.config
config gen-msg-map: /usr/local/snort/gen-msg.map
config sid-msg-map: /usr/local/snort/sid-msg.map
config hostname: teste_server
config interface: bge1
# Step 2: setup the input plugins
input unified2
output database: log, mysql, user=snort password=test dbname=snort host=xx.xx.xx.xx sensor_name=test_server
output database: alert, mysql, user=snort password=suporte dbname=snort host=xx.xx.xx.xx sensor_name=teste_server

The barnyard2 initialization is:

####BARNYARD2####
barnyard2_enable="YES"
barnyard2_flags="-D -q -d /var/spool/barnyard2 -f /var/log/snort/snort.unified2"
barnyard2_conf="/usr/local/etc/barnyard2.conf"

I'm trying, but barnyard isn't successful yet. Can somebody help me?

Thanks.

--
Fábio Ferrão
"And you will know the truth, and the truth will set you free." John 8.32
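A sanity check for the flag layout discussed in this reply, added here as an example and not code from the thread or from the barnyard2 project. It assumes the standard barnyard2 flags -d (spool directory), -f (spool filename prefix) and -w (waldo file), the barnyard2.conf directive config waldo_file:, and that snort names its unified2 spool files <prefix>.<timestamp>; the temporary spool directory is a constructed stand-in for the poster's paths.

```sh
#!/bin/sh
# check_by2_flags FLAGS [BARNYARD2_CONF]
# Sanity-checks a barnyard2 flag string of the kind put in rc.conf:
#   -d  must name an existing spool directory (where snort writes unified2),
#   -f  must be the bare filename prefix from "output unified2: filename ...",
#       not a path, and "<-d>/<prefix>.<timestamp>" spool files must exist,
#   -w  (or "config waldo_file:" in BARNYARD2_CONF) must give a waldo file so
#       continuous mode resumes instead of re-reading the spool from the start.
# Prints one line per finding; returns 0 only when every check passes.
check_by2_flags() {
    flags=$1; conf=${2-}; dir=""; prefix=""; waldo=""; rc=0
    set -- $flags                       # word-split the flag string (intended)
    while [ $# -gt 0 ]; do
        case "$1" in
            -d) dir=${2-} ;;
            -f) prefix=${2-} ;;
            -w) waldo=${2-} ;;
        esac
        shift
    done
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: -d spool directory '$dir' does not exist"; rc=1
    fi
    case "$prefix" in
        "")  echo "FAIL: no -f spool file prefix given"; rc=1 ;;
        */*) echo "FAIL: -f '$prefix' is a path; use only the filename prefix"; rc=1 ;;
        *)   if [ -d "$dir" ]; then
                 set -- "$dir/$prefix".*
                 [ -e "$1" ] || { echo "FAIL: no spool files match $dir/$prefix.*"; rc=1; }
             fi ;;
    esac
    if [ -z "$waldo" ] && ! { [ -n "$conf" ] && grep -q '^config waldo_file:' "$conf" 2>/dev/null; }; then
        echo "FAIL: no waldo file (-w, or 'config waldo_file:' in barnyard2.conf)"; rc=1
    fi
    return $rc
}

# Constructed fixture, not from the thread: a spool directory holding one
# unified2 file of the form snort writes, <prefix>.<unix-timestamp>.
spool=$(mktemp -d)
: > "$spool/snort.unified2.1269545000"
# Shape of the posted flags: -f carries a full path and there is no waldo file.
check_by2_flags "-D -q -d $spool -f $spool/snort.unified2" || echo "-> posted shape rejected"
# Corrected shape: -d is snort's log directory, -f the bare prefix, -w a bookmark.
check_by2_flags "-D -q -d $spool -f snort.unified2 -w $spool/barnyard2.waldo" && echo "-> corrected shape accepted"
rm -rf "$spool"
```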
Current thread:
- Barnyard2 + snort Fábio Ferrão (Mar 25)
- Re: Barnyard2 + snort Jason Wallace (Mar 25)
- <Possible follow-ups>
- Re: Barnyard2 + snort snort (Mar 25)
- Barnyard2 + Snort Fábio Ferrão (Mar 25)
- Re: Barnyard2 + Snort snort (Mar 25)
- Re: Barnyard2 + Snort snort (Mar 25)
- Re: Barnyard2 + Snort snort (Mar 25)
- Re: Barnyard2 + Snort Fábio Ferrão (Mar 26)