[Snort-users] Barnyard question

Emilio Mira Alfaro emial at ...4389...
Wed Jul 10 00:54:06 EDT 2002


Hi all. 

I'm having problems with Barnyard and MySQL. I've 
configured Barnyard with log facility, but MySQL only contains
alerts except with two rules: "SMTP HELO overflow attempt" with 
1 log of 1 alert and "P2P GNUTella GET" with 2 logs of 500 alerts.

I'm using Snort 1.8.7 and Barnyard 0.1.0-rc2 (Build 11).

In snort.conf I have:

  output alert_unified: filename snort.alert, limit 128
  output log_unified: filename snort.log, limit 128

and in barnyard.conf

  output log_acid_db: mysql, sensor_id 1, database xxxxx, 
  server localhost, user snort, password xxxxxx, detail full


Thanks in advance.

--
Emilio Mira

> 
> Hi all.
> 
> I'm trying to install barnyard-0.1.0-rc2 with Snort 1.8.7beta2 
> and there are some rare things. 
> 
> I log in MySQL database with acid output plugin:
> 
> output log_acid_db: mysql, sensor_id 1, database snortdb, 
> server localhost, user snort, password ****** , detail full
> 
> and the only one input plugin is dp_log.
> 
> First, it seems that barnyard works with a delay: I only can
> see alerts that were detected 2 hours ago.
> 
> Second, table iphdr and data are empty, I only can get information
> about alerts generated, nothing else.
> 
> In snort.conf I have:
> 
> output alert_unified: filename snort.alert, limit 128
> output log_unified: filename snort.log, limit 128
> 
> Any ideas.
> 
> Thank you!!
> 
> 
> --
> Emilio Mira
> e-mail: emial at ...4389...
> 

