[Snort-users] barnyard (Payload)

Alwin Raymundo alrayworld at ...131...
Tue Oct 15 06:06:06 EDT 2002


Hi Bamm,

Thanks for your help.  I have a few questions for you
if you don't mind.

1. Where can I find this op_acid_db?

I followed what you stated below.

In snort.conf:
output log_unified: filename snort.log, limit 128

In my barnyard.conf:
config hostname: snorthost
config interface: fxp0
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
output alert_fast
output log_dump
output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user usnort, password loghog

When I ran BY I got these error messages:

-*> Barnyard! <*-
Version 0.1.0-rc3 (Build 11)
By Andrew R. Baker (andrewb at ...950...)
and Martin Roesch (roesch at ...1935...,
www.snort.org)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
AlertCSV initialized
Parsing Config file: /etc/snort/barnyard.conf
Args: mysql, sensor_id 1, database snort, server localhost, user usnort, password loghog
WARNING: absolute path in -f <filename> is overriding -d <spool_dir> setting.
WARNING: spool_dir set to "/var/log/snort"
Barnyard Version 0.1.0-rc3 (Build 11) started
ERROR => No input plugin found for magic: a1b2c3d4

What does "no input plugin found for magic: a1b2c3d4" mean?

I searched for this in previous Usenet posts, but the advice was to upgrade barnyard and the rules, and I think I have the new one.

I'm new to barnyard. Thanks in advance for your help.
--- Bamm Visscher <bamm at ...539...> wrote:
> I use a modified (different DB schema) op_acid_db and it inserts
> "payload" data. op_acid_db should also. Check to make sure you are using
> the log_unified output plugin (alert_unified doesn't log packet data).
> When you run BY, make sure it is reading the log_unified output (i.e. -f
> snort.log). IIRC, BY cannot read log_unified and alert_unified at the
> same time. Finally, in your barnyard.conf, make sure you use 'output
> log_acid_db' (vice 'output alert_acid_db').
> 
> Bammkkkk
> 
> On Tue, 2002-10-01 at 07:31, Ron Shuck wrote:
> > Hey Alwin,
> > 
> > I found the same results. I haven't heard if there are plans to include
> > this, or if it should work and we just missed something.
> > 
> > 
> > Ron Shuck, CISSP - Managing Consultant
> > Buchanan Associates - A Technology Company in the
> People Business
> > http://www.buchanan.com
> > http://www.isc2.org
> > 
> > 
> > ---original message---
> > Date: Mon, 30 Sep 2002 11:36:39 -0700 (PDT)
> > From: Alwin Raymundo <alrayworld at ...131...>
> > To: user snort <snort-users at lists.sourceforge.net>
> > Subject: [Snort-users] barnyard (Payload)
> > 
> > Hi Everybody,
> > 
> > I don't know if this is already posted in a previous
> > discussion; this morning I just set up barnyard.
> > I like it because it is fast to log all packets in my
> > mysql and acid, but I notice there is no payload.
> > 
> > Is this normal? Is there another way to get the
> > payload?
> > 
> > Any help would be appreciated.
> > 
> > Thanks in advance.
> > 
> > 
> > 


=====
Alwin Raymundo
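The "magic" in that error is the first 32-bit word of the file barnyard was handed: 0xa1b2c3d4 is the libpcap savefile magic, which is what Snort's log_tcpdump plugin writes, not what log_unified writes. The checker below is an added example (not code from the thread or from barnyard) that reads only the file header and reports which format it is and which barnyard processor/ACID plugin pair the thread says matches it; the unified log/alert magic constants are assumed from the Snort 1.9-era source and the sample headers are constructed.

```python
import struct

# Magic numbers: only the pcap one appears in the thread's error message.
PCAP_MAGIC = 0xA1B2C3D4           # libpcap savefile magic (log_tcpdump output)
UNIFIED_LOG_MAGIC = 0xDEAD1080    # assumed: Snort 1.9-era unified log magic
UNIFIED_ALERT_MAGIC = 0xDEAD4137  # assumed: Snort 1.9-era unified alert magic

# For each unified format: barnyard data processor and the matching ACID
# output plugin (the thread notes only log_acid_db stores payload).
BARNYARD_HINTS = {
    UNIFIED_LOG_MAGIC: ("unified_log", "dp_log", "log_acid_db"),
    UNIFIED_ALERT_MAGIC: ("unified_alert", "dp_alert", "alert_acid_db"),
}


def identify_spool_header(header: bytes) -> dict:
    """Classify a Snort output file by its first 32-bit word.

    Both byte orders are tried, as libpcap itself does, so a file written
    on a big-endian sensor is still recognised.
    """
    if len(header) < 4:
        raise ValueError("need at least 4 bytes of header")
    for order in ("<", ">"):
        magic = struct.unpack(order + "I", header[:4])[0]
        if magic == PCAP_MAGIC:
            if len(header) < 24:
                raise ValueError("truncated pcap global header")
            vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack(
                order + "HHiIII", header[4:24])
            return {"format": "pcap", "readable_by_barnyard": False,
                    "version": f"{vmaj}.{vmin}", "snaplen": snaplen,
                    "linktype": linktype, "byte_order": order,
                    "hint": "log_tcpdump output; point -f at the log_unified file"}
        if magic in BARNYARD_HINTS:
            fmt, processor, acid_plugin = BARNYARD_HINTS[magic]
            return {"format": fmt, "readable_by_barnyard": True,
                    "byte_order": order, "processor": processor,
                    "acid_output": acid_plugin}
    return {"format": "unknown", "readable_by_barnyard": False,
            "magic": "%08x" % struct.unpack("<I", header[:4])[0]}


def identify_spool_file(path: str) -> dict:
    """Read just the global header of a spool file and classify it."""
    with open(path, "rb") as fh:
        return identify_spool_header(fh.read(24))


# Constructed sample headers standing in for /var/log/snort/snort.log.
SAMPLE_PCAP = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 1514, 1)
SAMPLE_PCAP_BE = struct.pack(">IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
SAMPLE_UNIFIED_LOG = struct.pack("<I", UNIFIED_LOG_MAGIC) + b"\x00" * 20
```

Running `identify_spool_file("/var/log/snort/snort.log")` on the sensor shows whether the file barnyard is reading is a pcap or a unified log before touching barnyard.conf.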

