[Snort-users] (no subject)

Ron Rosson insane at ...322...
Tue Jan 22 16:33:02 EST 2002


 
 Here is my command line of snort:
 
 snort -D -i qe0
 
 Here is my command line for barnyard
 
 barnyard -c /etc/snort/barnyard.conf -d /var/log/snort/ -f snort.log \
 -w /var/log/snort/waldo.barnyard
 
 Other than my network variables being shown here, here is my snort.conf
 
 Preprocessors:
 	preprocessor frag2
 	preprocessor stream4: detect_scans
 	preprocessor stream4_reassemble
  	preprocessor http_decode: 80 -unicode -cginull
  	preprocessor rpc_decode: 111
 	preprocessor bo: -nobrute
  	
  Output plugins:
         output log_unified: filename snort.log, limit 128
  
  Here is my barnyard.conf
  
  processor dp_alert
  processor dp_log
  output alert_acid_db: mysql, sensor_id 1, database snort, server myserver, user snort, password mysnort
  output log_acid_db: mysql, sensor_id 1, database snort, server myserver, user snort, password mysnort, detail full
  
  Now when I started it for the first time it made acid's tcp line 100%
  and that is it. Everything else is all 0's
 
TIA
Ron

-- 
------------------------------------------------------------------------------
Ron Rosson                                    ... and a UNIX user said ...
The InSaNe One                                        rm -rf *
insane at ...322...                        and all was /dev/null and *void()
------------------------------------------------------------------------------




