[Snort-users] Barnyard: Syslog output FAIL!

Jason Wallace jason.r.wallace at ...11827...
Fri Nov 13 09:26:26 EST 2009


I would recommend having snort output using the unified2 format and
use barnyard2 http://www.securixlive.com/barnyard2/download.php

The unified2 format has both the alert and log information in one file
so you only need one instance of barnyard2. The original barnyard is
outdated, unmaintained, and does not support unified2. You're not
likely to get a lot of help using the original version of barnyard.

On Thu, Nov 12, 2009 at 9:37 PM, Chan, Wilson <wchan at ...14702...> wrote:
> Why is barnyard not outputting to syslog? Configurations below:
>
>
>
> What is driving me nuts is when I run in batch mode for snort.log nothing
> happens on syslog but as soon as I run batch mode in alert it gets output.
> How do you get syslog to report on the snort.log files in daemon mode?
>
>
>
> barnyard -o snort.log.1258079148 -v
>
> barnyard -o snort.alert.1258079148 -v
>
>
>
> ==barnyard.conf==
>
> config daemon
>
> config localtime
>
> config hostname: snort-test-laptop
>
> config interface: eth2
>
> output log_dump
>
> output alert_syslog: LOG_LOCAL4 LOG_ALERT
>
>
>
> ==/etc/syslog.conf==
>
> #Output logs from Barnyard to Syslog Server (remote)
>
> local4.*                                         @192.168.1.1
>
>
>
>
>
> Wilson
>
>
>
>
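An added example, not part of the original thread and not barnyard2's own code: a minimal walker over unified2 record headers (a 4-byte type and 4-byte length, network byte order) that counts record types, showing event and packet records interleaved in one spool file. The function names are hypothetical, and the sample bytes are constructed with zero-filled placeholder payloads rather than real event structures.

```python
import io
import struct
from collections import Counter

# Record type codes as defined in Snort's unified2 headers.
RECORD_TYPES = {
    2: "PACKET",
    7: "IDS_EVENT",
    72: "IDS_EVENT_IPV6",
    104: "IDS_EVENT_VLAN",
    105: "IDS_EVENT_IPV6_VLAN",
    110: "EXTRA_DATA",
}
HEADER = struct.Struct(">II")  # record type, payload length


def iter_records(stream):
    """Yield (type_name, payload) for each complete record in the stream."""
    while True:
        hdr = stream.read(HEADER.size)
        if not hdr:
            return  # clean end of file
        if len(hdr) < HEADER.size:
            raise ValueError("truncated record header")
        rtype, length = HEADER.unpack(hdr)
        payload = stream.read(length)
        if len(payload) < length:
            # Typical when Snort is still writing the last record.
            raise ValueError("truncated record body")
        yield RECORD_TYPES.get(rtype, f"UNKNOWN_{rtype}"), payload


def summarize(stream):
    """Count records by type name."""
    return Counter(name for name, _ in iter_records(stream))


def make_record(rtype, payload):
    """Build one record for the constructed sample (hypothetical helper)."""
    return HEADER.pack(rtype, len(payload)) + payload


# Constructed sample: two alerts, each followed by its logged packet.
SAMPLE = b"".join(
    make_record(t, b"\x00" * n) for t, n in [(7, 52), (2, 60), (7, 52), (2, 60)]
)

if __name__ == "__main__":
    print(dict(summarize(io.BytesIO(SAMPLE))))
```

To inspect a real spool file, pass `open(path, "rb")` to `summarize` instead of the in-memory sample.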



