[Snort-users] Serious Snort Bug Could Lead To Next Slammer
michaels at ...9077...
Thu Oct 20 04:41:24 EDT 2005
I found this:
No mention on Snort.org or in the list.
WINSNORT.com Management Team Member
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support at ...9077...
Snort: Open Source Network IDS - http://www.snort.org
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Igor Belikov
Sent: Thursday, October 20, 2005 12:18 AM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] need help configuring snort + barnyard
Wednesday, October 19, 2005, 7:31:05 PM, you wrote:
CE> | I configured snort to write both alert and log files in unified
CE> | format. But I can't configure barnyard properly to store in DB
CE> | detailed info about alerts.
CE> | Barnyard "watches" alert files and stores info about alerts, but I
CE> | also need to store the whole packets that caused the alert.
CE> It seems you don't need to have snort write both unified files. All the
CE> required info seems to be in the unified "log" file, so this is what you
CE> want barnyard to read. It's not at all clear to us what info is in the
CE> unified "alert" file that's not *also* in the unified "log" file. So we
CE> don't write a unified "alert" file at all.
It sounds good, but I still can't configure snort + barnyard.
output log_unified: filename snort.log, limit 128
output log_acid_db: mysql, sensor_id 1, database snort, server x.x.x.x, user xxxxx, password xxxxx, detail full
In /log directory I see "snort.log.<timestamp>", "barnyard.waldo"
(with correct link to snort.log) and "alert" (with alerts produced by
Watching log files I see that barnyard works (link in waldo file
follows growing snort.log), but I don't get any new alerts in DB.
Using the previous variant of the configs (using unified alert), barnyard put
all alerts in the DB.
Please point out where I am making a mistake.
Igor mailto:ivb at ...13431...