[Snort-users] barnyard (Payload)
alrayworld at ...131...
Tue Oct 15 06:06:06 EDT 2002
Thanks for your help. I have a few questions for you
if you don't mind.
1. where I can find this op_acid_db?
I follow what you have stated below
output log_unified: filename snort.log, limit 128
in my barnyard.conf
config hostname: snorthost
config interface: fxp0
config filter: not port 22
output alert_acid_db: mysql, sensor_id 1, database
snort, server localhost, user usnort, password loghog
When I ran BY I got these error messages
-*> Barnyard! <*-
Version 0.1.0-rc3 (Build 11)
By Andrew R. Baker (andrewb at ...950...)
and Martin Roesch (roesch at ...1935...,
Loading Data Processors...
Loading Built-in Output Plugins...
Fast Alert plugin initialized
Log Dump plugin initialized
AcidDb output plugin initialized
Parsing Config file: /etc/snort/barnyard.conf
Args: mysql, sensor_id 1, database snort, server
localhost, user usnort, password loghog
WARNING: absolute path in -f <filename> is overriding
-d <spool_dir> setting.
WARNING: spool_dir set to "/var/log/snort"
Barnyard Version 0.1.0-rc3 (Build 11) started
ERROR => No input plugin found for magic: a1b2c3d4
What does it mean "no input plugin found for magic:
I searched for this in the previous usenet but the
advice was to upgrade the barnyard and the rules but I
think I have the new one.
I'm new with barnyard. Thanks in Advance for your
--- Bamm Visscher <bamm at ...539...> wrote:
> I use a modified (different DB schema) op_acid_db and it inserts
> "payload" data. op_acid_db should also. Check to make sure you are using
> the log_unified output plugin (alert_unified doesn't log packet data).
> When you run BY, make sure it is reading the log_unified output (i.e. -f
> snort.log). IIRC, BY cannot read log_unified and alert_unified at the
> same time. Finally, in your barnyard.conf, make sure you use 'output
> log_acid_db' (vice 'output alert_acid_db').
> On Tue, 2002-10-01 at 07:31, Ron Shuck wrote:
> > Hey Alwin,
> > I found the same results. I haven't heard if there are plans to include
> > this, or if it should work and we just missed
> > Ron Shuck, CISSP - Managing Consultant
> > Buchanan Associates - A Technology Company in the People Business
> > http://www.buchanan.com
> > http://www.isc2.org
> > ---original message---
> > Date: Mon, 30 Sep 2002 11:36:39 -0700 (PDT)
> > From: Alwin Raymundo <alrayworld at ...131...>
> > To: user snort <snort-users at lists.sourceforge.net>
> > Subject: [Snort-users] barnyard (Payload)
> > Hi Everybody,
> > I don't know if this is already posted in previous
> > discussion and this morning I just setup the
> > I like it because it is fast to log all packets in
> > mysql and acid but I notice there is no payload.
> > Is this normal? Is there another way to get the
> > payload?
> > Any help would be appreciated.
> > Thanks in advance.
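On the `No input plugin found for magic: a1b2c3d4` error in the message above, an added example (not part of the thread and not Barnyard code): 0xa1b2c3d4 is the libpcap file magic, so checking the first four bytes of a spool file shows whether it is a tcpdump capture or a unified file. The two unified magic values are taken from Snort's unified output format rather than from this page, and the function names are this example's own.

```python
import struct
import sys

# 32-bit file magics. The pcap value is the one in the error above; the two
# unified values come from Snort's unified output format, not from the thread.
MAGICS = {
    0xA1B2C3D4: "pcap",           # tcpdump/libpcap capture file
    0xDEAD1080: "unified-log",    # written by 'output log_unified'
    0xDEAD4137: "unified-alert",  # written by 'output alert_unified'
}

# What each result means for the payload question discussed in the thread.
ADVICE = {
    "pcap": "tcpdump-format log, not unified: Barnyard has no input plugin for it",
    "unified-log": "log_unified file: carries packet data, use with log_acid_db",
    "unified-alert": "alert_unified file: no packet data, so no payload",
    "unknown": "unrecognised magic: not a Snort spool file",
    "truncated": "file shorter than 4 bytes: nothing written yet",
}

def classify_magic(header: bytes):
    """Return (kind, byte_order) for the first four bytes of a file."""
    if len(header) < 4:
        return ("truncated", None)
    # Files are typically written in the sensor's host byte order, so try both.
    for order, fmt in (("little-endian", "<I"), ("big-endian", ">I")):
        (value,) = struct.unpack(fmt, header[:4])
        if value in MAGICS:
            return (MAGICS[value], order)
    return ("unknown", None)

def classify_file(path: str):
    """Classify a spool file on disk by its leading magic number."""
    with open(path, "rb") as fh:
        return classify_magic(fh.read(4))

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            kind, order = classify_file(path)
            print(f"{path}: {kind} ({order}) - {ADVICE[kind]}")
    else:
        # Constructed sample headers, not taken from a real sensor.
        for raw in ("d4c3b2a1", "8010adde", "3741adde", "00000000"):
            kind, order = classify_magic(bytes.fromhex(raw))
            print(f"{raw}: {kind} ({order}) - {ADVICE[kind]}")
```

Run it with the spool file paths as arguments before pointing Barnyard's `-f` at them.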