[Snort-users] logging to MySql....stumped

Scott Renna srenna at ...9588...
Mon Jul 21 12:55:46 EDT 2003


Now that I've gotten some help in editing configure.in in Barnyard to
work with MySQLServer 4.0....it's up and running and seems to be doing
its job.  It's no longer producing any errors however, it doesn't look
like it's actually logging to ACID.  I've run a few port scans and snort
is picking up the scans and creating alert and log files.  ACID is not
displaying the result however.  Here's my command line and data when
running barnyard:

barnyard -c /usr/local/etc/barnyard.conf -f /var/log/snort/snort.log -s
/usr/local/etc/snort/sid-msg.map -g /
usr/local/etc/snort/gen-msg.map -w /var/log/snort/waldo.log -L
/var/log/snort/barnyard/barnyard.log &

-*> Barnyard! <*-
Version 0.1.0 (Build 17)
By Andrew R. Baker (andrewb at ...950...)
and Martin Roesch (roesch at ...1935..., www.snort.org)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
AlertCSV initialized
Parsing Config file: /usr/local/etc/barnyard.conf
Args: mysql, sensor_id 1, database snort, server localhost, user root,
password XXXXXXX
Args: mysql, database snort, server localhost, user root, password
XXXXXX, detail full
Barnyard Version 0.1.0 (Build 17) started
OpAcidDB configuration details
Database Flavour: mysql
Detail Level: Fast
Database Server: localhost
Database User: root
SensorID: 1
AcidDbOpStart Complete

Yes..i know running the database user as root is bad...it will change,
but i really want to get this working.  Anyone else out there have
anything to offer on this problem?
Does ACID post it right away or will it take some time after the scan?

Scott Renna
Head Systems Administrator
Dynamic Animation Systems


More information about the Snort-users mailing list