[Snort-users] (no subject)

Ron Rosson insane at ...322...
Tue Jan 22 22:37:02 EST 2002


Sorry subject was supposed to be...

"snort 1.8.3 + barnyard beta4 + acid 0.9.6b19"

Ron Rosson <insane at ...322...> said:

>  
>  Here is my command line of snort:
>  
>  snort -D -i qe0
>  
>  Here is my command line for barnyard
>  
>  barnyard -c /etc/snort/barnyard.conf -d /var/log/snort/ -f snort.log \
>  -w /var/log/snort/waldo.barnyard
>  
>  Other than my network variables being shown here, here is my snort.conf
>  
>  Preprocessors:
>  	preprocessor frag2
>  	preprocessor stream4: detect_scans
>  	preprocessor stream4_reassemble
>   	preprocessor http_decode: 80 -unicode -cginull
>   	preprocessor rpc_decode: 111
>  	preprocessor bo: -nobrute
>   	
>   Output plugins:
>          output log_unified: filename snort.log, limit 128
>   
>   Here is my barnyard.conf
>   
>   processor dp_alert
>   processor dp_log
>   output alert_acid_db: mysql, sensor_id 1, database snort, server myserver, user snort, password mysnort
>   output log_acid_db: mysql, sensor_id 1, database snort, server myserver, user snort, password mysnort, detail full
>   
>   Now when I started it for the first time it made acid's tcp line 100%
>   and that is it. Everything else is all 0's
>  
> TIA
> Ron
> 
> -- 
> ------------------------------------------------------------------------------
> Ron Rosson                                    ... and a UNIX user said ...
> The InSaNe One                                        rm -rf *
> insane at ...322...                        and all was /dev/null and *void()
> ------------------------------------------------------------------------------




-- 
------------------------------------------------------------------------------

Ron Rosson                                    ... and a UNIX user said ... 
The InSaNe One                                        rm -rf * 
insane at ...322...                 and all was /dev/null and *void() 
------------------------------------------------------------------------------





