[Snort-users] [Snort] tag: Tagged Packet and Snort Alert only show up when using barnyard?

Chan, Wilson wchan at ...14702...
Tue Nov 10 18:44:36 EST 2009


I'm a bit confused here. When I output the events via snort.conf using
"output database", BASE doesn't show any Tagged or Snort Alert Packets.
But as soon as I comment out the "output database" from snort.conf and
enable it in barnyard.conf, I start getting these alerts in BASE. Any
ideas why this is happening?

 

Output from Base:

#24-(16-173)
<http://172.31.62.248/base/base_qry_alert.php?submit=%2324-%2816-173%29&sort_order=time_d>

[snort <http://www.snortid.com/snortid.asp?QueryID=1> ] tag: Tagged Packet

#27-(16-170)
<http://172.31.62.248/base/base_qry_alert.php?submit=%2327-%2816-170%29&sort_order=time_d>

[snort <http://www.snortid.com/snortid.asp?QueryID=15581> ] Snort Alert [1:15581:0]

 

 

==snort.conf==

output database: log, mysql, user=snort password=xxxxx dbname=snort host=192.168.1.1 sensor_name=Snort

 

==barnyard.conf==

output log_acid_db: mysql, database snort, server 192.168.1.1, user snort, password xxxxx, detail full

 

==ps aux |grep snort==

snort    10463 89.4  1.2  67428 51992 ?        Rs   12:45  51:04 /usr/sbin/snort -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort -F /etc/snort/bpf_file

root     10486  0.0  0.0   8684  3028 pts/0    S    12:45   0:00 /usr/local/bin/barnyard -c /etc/snort/barnyard.conf -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo -D

 

Wilson
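An added diagnostic (not from the poster, Snort or barnyard) that mimics how the two map files barnyard is started with above are consulted when an event is named for the database: non-rule generators such as the tag plugin (gid 2) are looked up in gen-msg.map, rule events (gid 1) in sid-msg.map, and an id with no entry is shown under the generic "Snort Alert [gid:sid:rev]" label, which is what the second BASE entry above looks like. The map contents and event ids are constructed samples; the lookup order is an assumption about barnyard's behaviour, and the map line layouts are the standard gen-msg.map and sid-msg.map formats.

```python
"""Resolve Snort (gid, sid, rev) ids to display messages via the map files.

Constructed sample map contents, not the poster's real files. Layouts are
the standard gen-msg.map ("gid || sid || msg") and sid-msg.map
("sid || msg || ref...") formats; the "Snort Alert [gid:sid:rev]" fallback
matches the label seen in the poster's BASE output for an unmapped id.
"""

GEN_MSG_MAP = """\
# gid || sid || msg
1 || 1 || snort general alert
2 || 1 || tag: Tagged Packet
"""

SID_MSG_MAP = """\
# sid || msg || reference...
1000001 || LOCAL test rule || url,example.com
"""


def parse_map(text, key_fields):
    """Parse a '||'-delimited Snort map into {key tuple: msg}.

    key_fields is the number of leading numeric fields forming the key
    (2 for gen-msg.map, 1 for sid-msg.map)."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) <= key_fields:
            continue  # malformed line without a message field: skip it
        key = tuple(int(f) for f in fields[:key_fields])
        table[key] = fields[key_fields]
    return table


def resolve(gid, sid, rev, gen_map, sid_map):
    """Assumed lookup order: gid 1 uses sid-msg.map, other gids use
    gen-msg.map; an unmapped id gets the generic 'Snort Alert' label."""
    msg = sid_map.get((sid,)) if gid == 1 else gen_map.get((gid, sid))
    return msg if msg is not None else "Snort Alert [%d:%d:%d]" % (gid, sid, rev)


def unresolved(events, gen_map, sid_map):
    """Return the events that would appear as generic 'Snort Alert' rows."""
    return [e for e in events
            if resolve(*e, gen_map, sid_map).startswith("Snort Alert [")]


if __name__ == "__main__":
    gen_map, sid_map = parse_map(GEN_MSG_MAP, 2), parse_map(SID_MSG_MAP, 1)
    for ev in [(2, 1, 0), (1, 15581, 0), (1, 1000001, 0)]:
        print(ev, "->", resolve(*ev, gen_map, sid_map))
```

Running `unresolved` over the ids exported to the database tells you which sids the sid-msg.map passed with `-s` does not cover, so the generic rows in BASE can be traced to a stale map rather than to the output plugin.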

 
