[Snort-users] output plugins barnyard2

firnsy firnsy at ...14568...
Wed Dec 16 04:16:52 EST 2009


On Wed, 2009-12-16 at 12:57 +0530, Pradeep Lamabam wrote:
> Thank you all for your assistance so far.
> 

G'day Pradeep,

> I am using snort with barnyard2. What I want to do is:
> 1 log events to mysql database (works fine !!)
> 2 log alerts to a file in /var/log/snort/<alert filename> (works
> fine !!), am using this file with snort_stat.pl and lastly
> 3 log the whole packet to a file in /var/log/snort/<filename>, so that
> I can use it with wireshark. (NOT WORKING !! )
> 

> 1 and 2 have been configured in barnyard2.conf file as:
> a) output alert_fast: /var/log/snort/<alert filename> and
> b) output database: alert, mysql, user=snort password=password
> dbname=snort host=localhost
> c) using output log_tcpdump in barnyard2.conf for step 3 doesn't
> help, since it logs only raw data and not protocol information!!
> 
> I would greatly appreciate it if someone could help me pass through step
> 3 !!
> 

I am happy to help you with this problem. Please provide me with your
current version of barnyard2 (barnyard2 -V) offline and we'll take it
from there.

For the rest of the audience, I'll post the solution back here when
solved.

Regards,

-- 
firnsy
www.securixlive.com