[Snort-users] barnyard regular restart required

Ian Masters ian at ...12163...
Wed Mar 11 21:53:59 EDT 2009


Bamm

Sorry for the delay replying.

> 1) grep -v '^#' barnyard.conf | grep -v ^$

config daemon
config localtime
config hostname: mail-op-snort
config interface: eth0
config filter: not port 22
output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort, password xxxxxxxx
output log_acid_db: mysql, database snort, server localhost, user snort, password xxxxxxxx, detail full

> 2) Command line used to start barnyard

/usr/local/bin/barnyard -c /etc/snort/barnyard.conf -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo -D

> 3) grep '^output' snort.conf

output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

> 4) Command line used to start snort

/usr/local/bin/snort -i eth0 -c /etc/snort/snort.conf -D -g snort -u snort

Ian




