[Snort-users] Barnyard not logging alert classification

Francis A. Vidal francisv at ...6732...
Tue Aug 17 05:09:33 EDT 2004


Hi,

It appears that barnyard is not logging the alert classification. All I
can see from ACID are "unclassified" alerts. I'm running snort 2.2.0 and
barnyard 0.1.0. Here's my barnyard.conf file:

config daemon
config interface: bridge0
config filter: not port 22

processor dp_alert
processor dp_log
processor dp_stream_stat

output log_acid_db: mysql, sensor_id 1, database snort, server <server_ip>, user snort, password <password>, detail full

And here's the entry in /var/log/messages when barnyard starts:

Aug 17 15:49:33 ids barnyard: AcidDbOpStop
Aug 17 15:49:38 ids barnyard: Args: mysql, sensor_id 1, database snort, serve
Aug 17 15:49:38 ids barnyard: Initializing daemon mode
Aug 17 15:49:39 ids barnyard: Barnyard Version 0.1.0 (Build 17) started
Aug 17 15:49:39 ids barnyard: AcidDbOpStart
Aug 17 15:49:39 ids barnyard: OpAcidDB configuration details
Aug 17 15:49:39 ids barnyard: Database Flavour: mysql
Aug 17 15:49:39 ids barnyard: Detail Level: Full
Aug 17 15:49:39 ids barnyard: Database Server: 202.91.161.144
Aug 17 15:49:39 ids barnyard: Database User: snort
Aug 17 15:49:39 ids barnyard: SensorID: 1
Aug 17 15:49:39 ids barnyard: AcidDbOpStart Complete

/Francis



