[Snort-users] Barnyard part 2

Jeff Dell jdell at ...1095...
Thu Jul 29 06:38:09 EDT 2004


Make sure you are alerting to unified as well, i.e. uncomment the following
line in your snort.conf file:
 
output alert_unified: filename snort.alert, limit 128
 
If your rules are alerts and you are outputting to log_unified you will have
issues...
 
Jeff


From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Esler, Joel -
Contractor
Sent: Thursday, July 29, 2004 8:46 AM
To: Esler, Joel - Contractor; snort-users at lists.sourceforge.net; Maetzky,
Steffen (Extern)
Subject: RE: [Snort-users] Barnyard part 2


I see that my Snort -> mysql used the "log" facility.  Is there a similar
command in barnyard, or do I have to change my rules from alert to log?
 
J
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Esler, Joel -
Contractor
Sent: Thursday, July 29, 2004 8:40 AM
To: snort-users at lists.sourceforge.net; Maetzky, Steffen (Extern)
Subject: [Snort-users] Barnyard part 2


Okay, now: the previous setup was Snort logging directly to mysql.  Now it is
logging to unified, and Barnyard is now processing the mysql entries; however,
it is not inputting the packet data into ACID.  Where did the packet data
go?
 
J
 
(barnyard.conf)
 
output alert_acid_db: mysql, sensor_id 7, database snort, server 127.0.0.1, user snort
output log_acid_db: mysql, database snort, server 127.0.0.1, user snort, detail full
 
Do I need to comment out alert_acid_db, and make it just "log_acid_db"?
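Added example, not from this thread and not part of Snort or Barnyard: a small POSIX shell check that reads a snort.conf, a barnyard.conf and a rules file and reports the mismatch discussed above, i.e. rules that fire with the alert action while snort.conf only has an uncommented log_unified output, or while barnyard.conf has no matching alert_acid_db output. The directive names (alert_unified, log_unified, alert_acid_db, log_acid_db) are the ones quoted in the thread; the assumption that a rule action X needs an X_unified output in snort.conf and an X_acid_db output in barnyard.conf is what Jeff's reply states for alerts, and the script applies the same pairing to log rules. All three config files below are constructed samples written to a temp directory; lines starting with # are treated as disabled.

```sh
#!/bin/sh
# Added example: consistency check between rule actions, snort.conf unified
# outputs and barnyard.conf ACID outputs. Not from the original thread.

# Print the rule actions (alert / log) used in a rules file, one per line.
rule_actions() {
    awk '$1 == "alert" || $1 == "log" { print $1 }' "$1" | sort -u
}

# Print the unified output types enabled in a snort.conf ("alert" for an
# uncommented 'output alert_unified: ...' line, "log" for log_unified).
snort_unified_types() {
    awk '$1 == "output" && $2 ~ /^(alert|log)_unified:?$/ {
             sub(/_unified:?$/, "", $2); print $2 }' "$1" | sort -u
}

# Print the ACID database output types enabled in a barnyard.conf
# ("alert" for alert_acid_db, "log" for log_acid_db).
barnyard_db_types() {
    awk '$1 == "output" && $2 ~ /^(alert|log)_acid_db:?$/ {
             sub(/_acid_db:?$/, "", $2); print $2 }' "$1" | sort -u
}

# check_pipeline SNORT_CONF BARNYARD_CONF RULES
# Returns 0 when every rule action has a matching unified output in
# snort.conf and a matching ACID output in barnyard.conf, 1 otherwise.
# (Assumed pairing: action X -> X_unified -> X_acid_db, as in the thread.)
check_pipeline() {
    cp_snort=$1; cp_barnyard=$2; cp_rules=$3; cp_status=0
    for cp_action in $(rule_actions "$cp_rules"); do
        if ! snort_unified_types "$cp_snort" | grep -qx "$cp_action"; then
            echo "MISMATCH: rules use '$cp_action' but $cp_snort has no uncommented 'output ${cp_action}_unified'"
            cp_status=1
        fi
        if ! barnyard_db_types "$cp_barnyard" | grep -qx "$cp_action"; then
            echo "MISMATCH: rules use '$cp_action' but $cp_barnyard has no uncommented 'output ${cp_action}_acid_db'"
            cp_status=1
        fi
    done
    return $cp_status
}

# Constructed sample configs (not real deployments), cleaned up on exit.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# The situation from the thread: alert rules, but only log_unified enabled.
cat > "$SAMPLE_DIR/snort_bad.conf" <<'EOF'
# output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
EOF

# The fix Jeff suggests: alert_unified uncommented as well.
cat > "$SAMPLE_DIR/snort_good.conf" <<'EOF'
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
EOF

cat > "$SAMPLE_DIR/barnyard.conf" <<'EOF'
output alert_acid_db: mysql, sensor_id 7, database snort, server 127.0.0.1, user snort
output log_acid_db: mysql, database snort, server 127.0.0.1, user snort, detail full
EOF

# One constructed alert rule; only the action keyword matters to the check.
cat > "$SAMPLE_DIR/local.rules" <<'EOF'
alert tcp any any -> any 80 (msg:"constructed sample rule"; sid:1000001; rev:1;)
EOF

for conf in snort_bad snort_good; do
    if check_pipeline "$SAMPLE_DIR/$conf.conf" "$SAMPLE_DIR/barnyard.conf" "$SAMPLE_DIR/local.rules"; then
        echo "$conf.conf: consistent with barnyard.conf and local.rules"
    else
        echo "$conf.conf: see mismatches above"
    fi
done
```

Run it as-is to see both outcomes; to check a real sensor, call check_pipeline with the paths to your own snort.conf, barnyard.conf and rules file. The check only looks at the output plugin names, so it will not catch a wrong filename or sensor_id, but it does catch the silent case where alerts never reach the unified file Barnyard is reading.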
 
 