[Snort-users] Barnyard 0.1.5 and mysql

Andrew R. Baker andrewb at ...950...
Wed Nov 14 10:21:02 EST 2001


The system_id in the barnyard.conf file needs to be an integer. 
Anything else will cause it to be set to 0.  Since barnyard does not
know all of the details about how snort was run in order to create a
proper sensor entry, the sensor id will need to be manually created in
the database for now.  I did send out a script for adding/querying a
sensor entry to the mailing list and will add this to the barnyard CVS
archive when I get some available time.

-Andrew


Chris Eidem wrote:
> 
> Hey y'all,
> 
> Got a question about barnyard and mysql.  Looks like it's sending stuff
> into the db with a sid of '0'.  Why?
 
[snipped]

> I start barnyard like this:
> ./barnyard -c ./byshmy.conf -s sid-msg.map -g gen-msg.map -d
> /var/log/snort -f snort.alert
> 
> I get this:
> <major snippage>
> SQL: INSERT INTO event(sid, cid, signature, timestamp) VALUES('0',
> '9431', '130', '2001-11-12 21:07:05')
> SQL: INSERT INTO event(sid, cid, signature, timestamp) VALUES('0',
> '9432', '121', '2001-11-12 21:07:35')
> SQL: INSERT INTO event(sid, cid, signature, timestamp) VALUES('0',
> '9433', '126', '2001-11-12 21:07:48')
> 
> Lines from the byshmy.conf:
> output alert_acid_db: mysql, sensor_id cubanelle-xl1, database snort,
> server sharpam, user snort, detail full, password snort
> output log_acid_db: mysql, sensor_id cubanelle-xl1, database snort,
> server sharpam, user snort, detail full, password snort
> 

[snipped]
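
As an added example (not part of the original thread and not Barnyard's own code), the following sketch scans a Barnyard-style config for database output lines whose `sensor_id` is not an integer, which is the condition described above that causes events to be stored with sid 0. It assumes the option key is `sensor_id` as in the quoted config and that only all-digit values count as integers; the function names and the sample text are constructed for illustration.

```python
import re

# Matches lines such as "output alert_acid_db: mysql, sensor_id 3, database snort"
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:\s*(.*)$")

# Constructed sample modelled on the config lines quoted in the post.
SAMPLE = """\
# constructed sample, not a real sensor config
output alert_acid_db: mysql, sensor_id cubanelle-xl1, database snort, server sharpam
output log_acid_db: mysql, sensor_id 1, database snort, server sharpam
"""

def parse_output_line(line):
    """Return (plugin, db_type, options) for an 'output' line, else None."""
    m = OUTPUT_RE.match(line)
    if not m:
        return None
    plugin, rest = m.groups()
    db_type, options = None, {}
    for part in (p.strip() for p in rest.split(",")):
        if not part:
            continue
        key, _, value = part.partition(" ")
        if not value and db_type is None:
            db_type = key                  # bare first token, e.g. "mysql"
        else:
            options[key] = value.strip()
    return plugin, db_type, options

def check_sensor_ids(conf_text):
    """List (line number, plugin, value) for each non-integer sensor_id."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                       # assumption: '#' starts a comment line
        parsed = parse_output_line(line)
        if parsed is None:
            continue
        plugin, _, options = parsed
        value = options.get("sensor_id")
        # Assumption: anything other than plain digits falls back to 0.
        if value is not None and not re.fullmatch(r"[0-9]+", value):
            findings.append((lineno, plugin, value))
    return findings

if __name__ == "__main__":
    for lineno, plugin, value in check_sensor_ids(SAMPLE):
        print(f"line {lineno}: {plugin} sensor_id {value!r} is not an integer")
```
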



