[Snort-users] Barnyard Options Help Needed!
kevin.peuhkurinen at ...7732...
Thu Dec 19 13:19:07 EST 2002
Hi all. I've decided to start using Barnyard and need some help with
some of the options.

First, Snort creates two unified files: an alert and a log file.
However, when I tell Barnyard to use the alert file (with -f), the
packet data is not sent to the database. If I tell Barnyard to use the
log file, nothing gets sent to the database. The output plugin used is
alert_acid_db, with the "detail full" setting. How do I tell Barnyard
to send alerts with full packet data to the database?

Secondly, I can't seem to figure out how to get any of the other output
plugins to work. I want to use alert_fast and log_pcap, but the files
are not being created. I've tried starting Barnyard with "-L
/var/log/snort" but this seems to do nothing. I tried putting a
filename after the "output alert_fast" in the conf file, but then it
complains that it doesn't know about this plugin. What am I doing wrong?