[Snort-users] Barnyard snorts, but no Alerts cached
Andrew R. Baker
andrewb at ...950...
Sat Apr 3 15:41:00 EST 2004
Michael Miller wrote:
> I had everything up and running smoothly but ran into a snag when trying
> to configure barnyard for a second sensor. Left with a database that had
> an extra 500,000 events I couldn’t see, I dropped and recreated the
> database with the scripts from the contrib folder in snort 2.1.0.
>
> Now barnyard sees new logs, says it imports them, and ACID’s Total
> Events log climbs, but when I press Update Alert Cache, no alerts get
> added to the cache.
What is the configuration line you are using for Barnyard? If you have
specified the sensor_id option, did you create an entry in the sensor
table for it?
-A