Snort mailing list archives

barnyard2


From: Sam Johnson <Sam.Johnson () flagshipcredit com>
Date: Wed, 12 Sep 2018 15:57:23 +0000

I apologize if I shouldn't ask about barnyard2 here.

I have snort up and running with pulledpork snort.rules. I see logs growing in /var/log/snort so I know that is 
working. For some reason barnyard does not want to write to the database when I include the snort.rules in the snort 
conf. As soon as I take it out and use just a simple ICMP test in the local.rules it works fine and I see the rule 
coming across and events getting written to the database.
I add snort.rules back in and barnyard just sits at this point with nothing being logged to the database:

/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"


+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/barnyard2
INFO database: Defaulting Reconnect/Transaction Error limit to 10
INFO database: Defaulting Reconnect sleep time to 5 second

Anyone have any idea on why barnyard isn't working with the snort.rules?? Thanks!!

Sam Johnson