[Snort-users] Having problem with Barnyard

Nick Moore nmoore at ...1935...
Wed Jun 23 19:57:44 EDT 2010


JJ,

snort -i eth1 -c /etc/snort/snort.conf (pretty boring really)

barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/barnyard2.waldo

Nick

On Wed, Jun 23, 2010 at 6:50 PM, JJC <cummingsj at ...11827...> wrote:

> What are your runtime options to start each snort and by2?
>
> On Wed, Jun 23, 2010 at 4:32 PM, Nick Moore <nmoore at ...1935...> wrote:
>
>> All,
>>
>> I'm having a problem with Barnyard putting data into MySQL. Snort is
>> seeing events and the log file is increasing, but no events have yet been
>> written to the database.
>>
>> I've attached my snort.conf and barnyard2.conf. Based on the Snort screen
>> output below, I'm sure events are triggering:
>>
>>
>> ===============================================================================
>> Action Stats:
>> ALERTS: 246
>> LOGGED: 246
>> PASSED: 0
>> =====================
>>
>> I'm sure I'm overlooking something simple. If anyone can point me in the
>> right direction, it would be much appreciated.
>>
>> Thanks!
>>
>> --
>> Nick Moore, SFCE, CISSP, CISA
>> Sr. Systems Engineer
>> Voice 708-336-9041
>> Email nick.moore at ...1935...
>> IM    nickgmoore (Yahoo)
>>       nickgmoore38 (AIM)
>>
>>    ,,_
>>   o"  )~   Sourcefire - The Creators of Snort
>>    ''''
>>
>> www.sourcefire.com         www.snort.org
>>
>
>


-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore at ...1935...
IM    nickgmoore (Yahoo)
      nickgmoore38 (AIM)

   ,,_
  o"  )~   Sourcefire - The Creators of Snort
   ''''

www.sourcefire.com         www.snort.org