[Snort-users] output options in barnyard

Chris Eidem ceidem at ...5503...
Thu Aug 1 08:06:14 EDT 2002


Well, I tried to run a different barnyard process on the alert file,
with the following results:

.conf with file name after alert_fast:
WARNING by-xl1.conf(8) => Unknown output plugin "alert_fast alert-xl1"

.conf without file name after alert_fast:
starts up just fine, but doesn't output anything.

OUTPUT OF DRY RUN

with alert_fast
----------------

root at ...3953... /usr/local/snort-beta$ barnyard -c by2-xl1.conf -X
by2-xl1.pid -d ./xl1 -f snort-xl1.alert -t 1028058173 -L
/var/log/snort/xl1 -R

-*> Barnyard! <*-
Version 0.1.0-rc2 (Build 11)
By Andrew R. Baker (andrewb at ...950...)
and Martin Roesch (roesch at ...1935..., www.snort.org)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
AlertCSV initialized
Parsing Config file: by2-xl1.conf
Archive Directory is NULL
Config File =by2-xl1.conf
Log Dir=/var/log/snort/xl1
Spool Dir=./xl1
Spool File=snort-xl1.alert
Waldo File is NULL
Sid File=./sid-msg.map
Gen File=./gen-msg.map
Hostname=cubanelle
Interface=xl1
Filter=not port 22
Record Number: 0
Log Flag: 1
Using localtime
Verbosity Level=0
File Arg Start: 0
Dry Run mode enabled
commandline: barnyard -c by2-xl1.conf -X by2-xl1.pid -d ./xl1 -f
snort-xl1.alert -t 1028058173 -L /var/log/snort/xl1 -R 

with alert_fast alert-xl1
--------------------------

root at ...3953... /usr/local/snort-beta$ barnyard -c by2-xl1.conf -X
by2-xl1.pid -d ./xl1 -f snort-xl1.alert -t 1028058173 -L
/var/log/snort/xl1 -R 

-*> Barnyard! <*-
Version 0.1.0-rc2 (Build 11)
By Andrew R. Baker (andrewb at ...950...)
and Martin Roesch (roesch at ...1935..., www.snort.org)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
AlertCSV initialized
Parsing Config file: by2-xl1.conf
WARNING by2-xl1.conf(9) => Unknown output plugin "alert_fast alert-xl1"
referenced, ignoring!
Archive Directory is NULL
Config File =by2-xl1.conf
Log Dir=/var/log/snort/xl1
Spool Dir=./xl1
Spool File=snort-xl1.alert
Waldo File is NULL
Sid File=./sid-msg.map
Gen File=./gen-msg.map
Hostname=cubanelle
Interface=xl1
Filter=not port 22
Record Number: 0
Log Flag: 1
Using localtime
Verbosity Level=0
File Arg Start: 0
Dry Run mode enabled
commandline: barnyard -c by2-xl1.conf -X by2-xl1.pid -d ./xl1 -f
snort-xl1.alert -t 1028058173 -L /var/log/snort/xl1 -R 

by2-xl1.conf
------------

root at ...3953... /usr/local/snort-beta$ cat by2-xl1.conf

config hostname: cubanelle
config localtime
config interface: xl1
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
# output alert_fast 
output alert_fast alert-xl1
# output log_pcap 
# output alert_acid_db: mysql, sensor_id 1, database stest, server
localhost, user snort, password snort
# output log_acid_db: mysql, sensor_id 1, database stest, server
localhost, user snort, detail full, password XXXXXXXXX
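Added example (not from the original post and not barnyard's own code): a
minimal parser for the `output <plugin>: <args>` lines of a barnyard .conf,
written to show why the dry run reports `"alert_fast alert-xl1"` as an
unknown plugin. It assumes barnyard splits an output directive at the first
colon, so everything before the colon is taken as the plugin name; without a
colon the whole remainder, spaces included, becomes the "name". The colon form
is the same one the commented `output alert_acid_db: ...` lines in by2-xl1.conf
already use. The set of plugin keywords below is an assumption inferred from
the "Loading Built-in Output Plugins" banner in the dry run.

```python
"""Toy model of barnyard's `output` directive parsing (added example, not
barnyard source). Assumptions: the plugin name is everything before the
first ':'; KNOWN_OUTPUT_PLUGINS is inferred from the dry-run banner."""

# Plugin keywords assumed to be registered by barnyard 0.1.0-rc2
# (Fast Alert, AlertSyslog, Log Dump, LogPcap, AcidDb, AlertCSV).
KNOWN_OUTPUT_PLUGINS = {
    "alert_fast", "alert_syslog", "log_dump", "log_pcap",
    "alert_acid_db", "log_acid_db", "alert_csv",
}


def parse_output_line(line):
    """Return (plugin_name, args) for an `output ...` directive, or None if
    the line is blank, a comment, or some other directive (config, processor)."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    keyword, _, rest = stripped.partition(" ")
    if keyword != "output":
        return None
    # Split at the first colon: name before it, arguments after it.
    # With no colon, `rest` (e.g. "alert_fast alert-xl1") becomes the name.
    name, _, args = rest.partition(":")
    return name.strip(), args.strip()


def check_config(text):
    """Walk a .conf and return [(line_no, warning), ...] for every output
    directive whose plugin name is not registered, mirroring barnyard's
    'Unknown output plugin "..." referenced, ignoring!' warning."""
    warnings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        parsed = parse_output_line(line)
        if parsed is None:
            continue
        name, _ = parsed
        if name not in KNOWN_OUTPUT_PLUGINS:
            warnings.append((line_no, 'Unknown output plugin "%s"' % name))
    return warnings


# Constructed sample config: the failing line from the post, plus one of the
# commented acid_db lines for contrast (reduced to a single physical line).
BROKEN_CONF = """\
config hostname: cubanelle
processor dp_alert
output alert_fast alert-xl1
# output alert_acid_db: mysql, sensor_id 1, database stest, server localhost, user snort, password snort
"""

# Same config with the colon inserted after the plugin name.
FIXED_CONF = BROKEN_CONF.replace("output alert_fast alert-xl1",
                                 "output alert_fast: alert-xl1")

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(label, check_config(conf) or "no warnings")
```

Running it prints the unknown-plugin warning for line 3 of the broken config
and no warnings for the fixed one; the corresponding change in by2-xl1.conf
is `output alert_fast: alert-xl1`. This only addresses the parse warning, not
why the colon-less, file-name-less variant produced no output.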