[Snort-users] [Snort] tag: Tagged Packet and Snort Alert only show up when using barnyard?

Chan, Wilson wchan at ...14702...
Tue Nov 10 18:44:36 EST 2009

Im a bit confused here. When I output the events via snort.conf using
"output database" BASE doesn't show any Tagged or Snort Alert Packets.
But as soon as I comment out the "output database" from snort.conf and
enable it on barnyard.conf I start getting these alerts in BASE.  Any
ideas why this is happening?


Output from Base:


[snort <http://www.snortid.com/snortid.asp?QueryID=1> ] tag: Tagged


[snort <http://www.snortid.com/snortid.asp?QueryID=15581> ] Snort Alert




output database: log, mysql, user=snort password=xxxxx dbname=snort
host= sensor_name=Snort



output log_acid_db: mysql, database snort, server, user
snort, password xxxxx, detail full


==ps aux |grep snort==

snort    10463 89.4  1.2  67428 51992 ?        Rs   12:45  51:04
/usr/sbin/snort -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l
/var/log/snort -F /etc/snort/bpf_file

root     10486  0.0  0.0   8684  3028 pts/0    S    12:45   0:00
/usr/local/bin/barnyard -c /etc/snort/barnyard.conf -g
/etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort -f
snort.log -w /var/log/snort/barnyard.waldo -D




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20091110/86819a4d/attachment.html>

More information about the Snort-users mailing list