[Snort-users] problems with barnyard, snort and mysql

Kevin Smith kjsmith at ...13166...
Fri Mar 11 11:23:29 EST 2005


Hey everyone,

I already posted this on the forums but I noticed that I was accepted 
into the mailing list so I will also write it here as well, never hurts 
to cover all of your bases ;D. I am configuring a server that is using 
snort to examine traffic that would normally be deleted. By that, I mean 
traffic whose IP does not resolve to a valid location. We are using this 
information to detect possible users with viruses on their machines. My 
question is what is a good configuration for Snort and Barnyard to work 
with MySQL. All the information I really need in the database is the 
source IP and port, destination IP and port, and the time that the 
packet was received. I am guessing that the '-A fast' option will take 
care of that part. So what should I have snort log to, what should 
barnyard pick up, and how do I export it to the database? I have tried a 
few different ways and I haven't had any luck. Thanks in advance for any 
solutions to my problem.

Kevin

Here is what my system is running:
SimplyMepis
MySQL -- Ver 14.7 Distrib 4.1.10, for pc-linux-gnu (i386)
Snort -- 2.2.0
Barnyard -- Barnyard Version 0.2.0 (Build 32)
