[Snort-users] Barnyard question
Emilio Mira Alfaro
emial at ...4389...
Wed Jul 10 00:54:06 EDT 2002
I'm having problems with Barnyard and MySQL. I've
configured Barnyard with log facility, but MySQL only contains
alerts except with two rules: "SMTP HELO overflow attempt" with
1 log of 1 alert and "P2P GNUTella GET" with 2 logs of 500 alerts.
I'm using Snort 1.8.7 and Barnyard 0.1.0-rc2 (Build 11).
In snort.conf I have:

    output alert_unified: filename snort.alert, limit 128
    output log_unified: filename snort.log, limit 128

and in barnyard.conf:

    output log_acid_db: mysql, sensor_id 1, database xxxxx,
    server localhost, user snort, password xxxxxx, detail full

Thanks in advance.
> Hi all.
> I'm trying to install barnyard-0.1.0-rc2 with Snort 1.8.7beta2
> and there are some rare things.
> I log in MySQL database with acid output plugin:
> output log_acid_db: mysql, sensor_id 1, database snortdb,
> server localhost, user snort, password ****** , detail full
> and the only one input plugin is dp_log.
> First, it seems that barnyard works with a delay: I only can
> see alerts that were detected 2 hours ago.
> Second, table iphdr and data are empty, I only can get information
> about alerts generated, nothing else.
> In snort.conf I have:
> output alert_unified: filename snort.alert, limit 128
> output log_unified: filename snort.log, limit 128
> Any ideas.
> Thank you!!
> Emilio Mira
> e-mail: emial at ...4389...
e-mail: emial at ...4389...