[Snort-users] output options in barnyard

Chris Eidem ceidem at ...5503...
Wed Jul 31 14:35:02 EDT 2002


> Chris Eidem wrote:
> > I'm all confused, in barnyard.conf, alert_fast and log_pcap take a
> > filename as an argument, but docs/USAGE states they do not.  I'm
> > assuming that they don't since barnyard complains mightily if they're
> > there.  Ok, so I don't add a file name, but then, what is written where?
> > I've looked in ./, /var/log, /var/log/snort, but no joy.
>
> The conf file is correct in this case.  What error is it giving when you
> specify a filename?
>

andrew,

here's the output from reload of the .conf file (shown bottom):

root at ...3953... /usr/local/snort-beta$ kill -HUP 27669       
AcidDbOpStop
Reloading configuration
Loading Data Processors...
dp_alert loaded
dp_log loaded
root at ...3953... /usr/local/snort-beta$ dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
AlertCSV initialized
Parsing Config file: by-xl1.conf
WARNING by-xl1.conf(8) => Unknown output plugin "alert_fast alert-xl1"
referenced, ignoring!Args: mysql, sensor_id 1, database stest, server
localhost, user snort, detail full, password snort
WARNING ./classification.config(95): Duplicate classification
"not-suspicious"found, ignoring this line

...
[similar './classification.config(X):' warnings deleted for brevity ]
...

Barnyard Version 0.1.0-rc2 (Build 11) started
AcidDbOpStart
OpAcidDB configuration details
Database Flavour: mysql
Detail Level: Full
Database Server: localhost
Database User: snort
SensorID: 1
AcidDbOpStart Complete



barnyard.conf
------------
config hostname: cubanelle
config localtime
config interface: xl1
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
output alert_fast alert-xl1
output log_pcap 
# output alert_acid_db: mysql, sensor_id 1, database stest, server localhost, user snort, password snort
output log_acid_db: mysql, sensor_id 1, database stest, server localhost, user snort, detail full, password xxxxxxxxx

thanks for your help,
 - chris



