[Snort-users] barnyard 2 not outputting logs to mysql

JJ Cummings cummingsj at ...11827...
Wed Apr 7 12:19:37 EDT 2010


You are wrong :-) .. unified2 is a single unified output that contains all
of the data that you need:

output unified2: filename snort.unified2, limit 128

That should do it.. then read the snort.unified2 spool files with barnyard2
and verify that you are generating events with snort...

barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.unified2 -w /var/log/snort/by2.waldo


On Wed, Apr 7, 2010 at 10:15 AM, Kum Weng Luey <kumwengluey at ...11827...> wrote:

> Yes, I guess I have written it to unified2 files. Below is how I wrote it.
>
>
> output alert_unified2: filename snort.alert, limit 128
> output log_unified2: filename snort.log, limit 128
>
> My barnyard command goes like this:
>
> barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.alert -w /var/log/snort/by2.waldo
>
> Please correct me if I am wrong.
> Thanks
> KW
>
> On Thu, Apr 8, 2010 at 12:11 AM, JJ Cummings <cummingsj at ...11827...> wrote:
>
>> Make sure that you are writing unified2 from snort and reading those files
>> with barnyard2.. also that you have events being generated and thusly
>> populated into said unified2 files.
>>
>> JJC
>>
>> On Wed, Apr 7, 2010 at 10:04 AM, Kum Weng Luey <kumwengluey at ...11827...> wrote:
>>
>>> Hi all,
>>>
>>> A query yet again: I have used barnyard2 in place of barnyard after much
>>> consideration and configured it as I did for barnyard.
>>> Everything was working fine till I checked the mysql tables. Nothing was output
>>> to the database.
>>> I've checked my barnyard2 config file and double-checked the database
>>> username and password.
>>> Everything seems right. Could I have missed something that I did not
>>> notice? Thank you, peeps, for any help rendered.
>>>
>>>
>>>
>>>
>>> Regards,
>>>
>>> KW
>>>
>>>
>
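
One way to do the "verify that you are generating events" step from the reply above without involving MySQL at all is to walk the record headers of a spool file and count event records. This is an added example, not part of the original thread and not barnyard2's own code; it assumes the unified2 layout of a 4-byte record type and a 4-byte payload length, both big-endian, in front of each record, and the sample bytes are constructed.

```python
import struct
import sys
from collections import Counter

# unified2 record type codes (Snort 2.x); anything else is reported as unknown.
RECORD_TYPES = {
    2: "packet",
    7: "event (IPv4)",
    72: "event (IPv6)",
    104: "event (IPv4, VLAN)",
    105: "event (IPv6, VLAN)",
    110: "extra data",
}
EVENT_TYPES = (7, 72, 104, 105)
HEADER = struct.Struct(">II")  # record type, payload length (network byte order)

def summarize_unified2(data):
    """Walk record headers; return (count per record type, trailing bytes)."""
    counts = Counter()
    offset = 0
    while offset + HEADER.size <= len(data):
        rtype, length = HEADER.unpack_from(data, offset)
        end = offset + HEADER.size + length
        if end > len(data):  # partial record: snort may still be writing it
            break
        counts[RECORD_TYPES.get(rtype, "unknown type %d" % rtype)] += 1
        offset = end
    return counts, len(data) - offset

def has_events(counts):
    """True if at least one alert/event record was seen."""
    return any(counts[RECORD_TYPES[t]] for t in EVENT_TYPES)

def _record(rtype, payload):
    return HEADER.pack(rtype, len(payload)) + payload

# Constructed sample: one event, one packet, then a record cut off mid-write.
SAMPLE = (_record(7, b"\x00" * 52) + _record(2, b"\x00" * 60)
          + HEADER.pack(7, 52) + b"\x00" * 10)

if __name__ == "__main__":
    # Pass a spool file path as the first argument; without one the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    counts, leftover = summarize_unified2(data)
    for name, n in sorted(counts.items()):
        print("%6d  %s" % (n, name))
    print("%d trailing bytes that are not yet a complete record" % leftover)
    print("events present" if has_events(counts) else "no events in this file")
```

If a spool file under /var/log/snort shows no event records, the problem is on the snort side (no rules firing or the wrong output directive), not in the barnyard2 database settings.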