[Snort-users] Having problem with Barnyard

firnsy firnsy at ...14568...
Thu Jun 24 03:52:21 EDT 2010


The two important things to know are the output directives of
both snort.conf and barnyard2.conf.

This will reveal the problem I'm sure.

> [root at ...14908... snort]# ls -la /var/log/snort
> total 280
> drwxr-xr-x.  2 snort snort   4096 2010-06-23 11:34 .
> drwxr-xr-x. 15 root  root    4096 2010-06-23 12:00 ..
> -rw-------.  1 snort snort      0 2010-06-23 10:38 alert
> -rw-------.  1 root  root       0 2010-06-23 11:06 merged.log
> -rw-------.  1 root  root  277755 2010-06-23 20:03 snort.log
> [root at ...14908... snort]# 


Based on your reference to "-f snort.log", I have a sneaking suspicion
that you are not using the full unified v2 log, which may also
cause some unexpected results.

Regards,

-- 
firnsy
www.securixlive.com