[Snort-users] Barnyard Options Help Needed!

Kevin Peuhkurinen kevin.peuhkurinen at ...7732...
Thu Dec 19 13:19:07 EST 2002


Hi all.  I've decided to start using Barnyard and need some help with 
some of the options.

First, Snort creates two unified files: an alert and a log file.
However, when I tell Barnyard to use the alert file (with -f), the 
packet data is not sent to the database.   If I tell Barnyard to use the 
log file, nothing gets sent to the database.   The output plugin used is 
alert_acid_db, with the "detail full" setting.  How do I tell Barnyard 
to send alerts with full packet data to the database?

Secondly, I can't seem to figure how to get any of the other output 
plugins to work.   I want to use alert_fast and log_pcap, but the files 
are not being created.   I've tried starting Barnyard with "-L 
/var/log/snort" but this seems to do nothing.  I tried putting a 
filename after the "output alert_fast" in the conf file, but then it 
complains that it doesn't know about this plugin.   What am I doing wrong?

Thanks!





