[Snort-users] problems with barnyard, snort and mysql
kjsmith at ...13166...
Fri Mar 11 14:13:33 EST 2005
I used what you wrote to me and I am getting this for an error:
WARNING /usr/local/src/barnyard-0.2.0/etc/barnyard.conf(127) => Unknown
output plugin "alert_acid_db" referenced, ignoring!Fatal Error, Quitting..
I guess my next question would be where do I define that output plug-in.
Thanks for your reply.
Alejandro Flores wrote:
>output log_unified: filename /var/log/snort/snort.log, limit 128
>output alert_acid_db: mysql, database DBNAME server localhost,
>sensor_id 1, user DBUSER, password DBPASS
>barnyard -c /etc/barnyard.conf -d /var/log/snort -a
>/var/log/snort-archive -f snort.log -w /var/log/snort/waldo -s
>/etc/snort/sid-msg.map -g /etc/snort/gen-msg.map -p
>Start Snort with no '-A' and '-b' options. (for example:)
>snort -C -d -c /etc/snort/snort.conf -i IF_YOURE_LISTENING_TO -D
>Ok, now just relax and wait.
>Next, install BASE to analyse data.
>>I already posted his on the forums but I noticed that I was accepted
>>into the mailing list so I will also write it here as well, never hurts
>>to cover all of your bases ;D. I am configuring a server that is using
>>snort to examine traffic that would normally be deleted. By that, I mean
>>traffic who's IP does not resolve to a valid location. We are using this
>>information to detect possible users with virus on their machines. My
>>question is what is a good configuration for Snort and Barnyard to work
>>with MySQL. All the information I really need in the database is the
>>source IP and port, destination IP and port, and the time that the
>>packet was received. I am guessing that the '-A fast' option will take
>>care of that part. So what should I have snort log too, what should
>>barnyard pickup, and how do I export it to the database? I have tried a
>>few different ways and I haven't had any luck. Thanks in advance for any
>>solutions to my problem.
>SF email is sponsored by - The IT Product Guide
>Read honest & candid reviews on hundreds of IT Products from real users.
>Discover which products truly live up to the hype. Start reading now.
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users