[Snort-users] output options in barnyard
ceidem at ...5503...
Wed Jul 31 14:35:02 EDT 2002
> Chris Eidem wrote:
> > I'm all confused, in barnyard.conf, alert_fast and log_pcap take an
> > filename as an argument, but docs/USAGE states they do not. I'm
> > assuming that they don't since barnyard complains mightily
> if they're
> > there. Ok, so I don't add a file name, but then, what is
> written where?
> > I've looked in ./, /var/log, /var/log/snort, but no joy.
> The conf file is correct in this case. What error is it
> giving when you
> specify a filename?
here's the output from reload of the .conf file (shown bottom):
root at ...3953... /usr/local/snort-beta$ kill -HUP 27669
Loading Data Processors...
root at ...3953... /usr/local/snort-beta$ dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
Log Dump plugin initialized
AcidDb output plugin initialized
Parsing Config file: by-xl1.conf
WARNING by-xl1.conf(8) => Unknown output plugin "alert_fast alert-xl1"
referenced, ignoring!Args: mysql, sensor_id 1, database stest, server
localhost, user snort, detail full, password snort
WARNING ./classification.config(95): Duplicate classification
"not-suspicious"found, ignoring this line
[similar './classification.config(X):' warnings deleted for brevity ]
Barnyard Version 0.1.0-rc2 (Build 11) started
OpAcidDB configuration details
Database Flavour: mysql
Detail Level: Full
Database Server: localhost
Database User: snort
config hostname: cubanelle
config interface: xl1
config filter: not port 22
output alert_fast alert-xl1
# output alert_acid_db: mysql, sensor_id 1, database stest, server
localhost, user snort, password snort
output log_acid_db: mysql, sensor_id 1, database stest, server
localhost, user snort, detail full, password xxxxxxxxx
thanks for your help,
More information about the Snort-users