[Snort-users] Barnyard2 + Snort

Fábio Ferrão ferrao04 at ...11827...
Thu Mar 25 14:48:59 EDT 2010


Dears,

My barnyard2 initializes successfully, but the alerts aren't being registered
in BASE.
The snort.conf is:

# output database: log, mysql, user=snort password=test dbname=snort host=xx.xx.xx.xx sensor_name=test_server
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test
output alert_unified: filename snort_uni.alert, limit 128
output log_unified: filename snort_uni.log, limit 128
output unified2: filename snort.unified2, limit 128

The snort initialization is:

/etc/rc.conf
snort_enable="YES"
snort_flags="-D -q"
snort_interface="bge1"
snort_conf="/usr/local/snort/snort.conf"
snort_group="snortgrp"


The barnyard2.conf is:

config reference-map:   /usr/local/snort/reference.config
config class-map:          /usr/local/snort/classification.config
config gen-msg-map:     /usr/local/snort/gen-msg.map
config sid-msg-map:         /usr/local/snort/sid-msg.map
config hostname:        teste_server
config interface:       bge1

# Step 2: setup the input plugins
input unified2
output database: log, mysql, user=snort password=test dbname=snort host=xx.xx.xx.xx sensor_name=test_server
output database: alert, mysql, user=snort password=suporte dbname=snort host=xx.xx.xx.xx sensor_name=teste_server

The barnyard2 initialization is:

####BARNYARD2####
barnyard2_enable="YES"
barnyard2_flags="-D -q -d /var/spool/barnyard2 -f /var/log/snort/snort.unified2"
barnyard2_conf="/usr/local/etc/barnyard2.conf"


I keep trying, but barnyard hasn't succeeded yet.

Can somebody help me?

Thanks.

-- 
Fábio Ferrão

"E conhecereis a verdade e a verdade vos libertará".    João 8.32
"And you will know the truth and the truth you will free".    John 8.32

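An added example, not part of the original post and not code from the Snort or Barnyard2 projects: a small Python check that the `output unified2` line in snort.conf and the Barnyard2 `-d`/`-f` flags refer to the same spool files. It assumes Barnyard2's continual-mode options (`-d` spool directory, `-f` base file name matched inside that directory) and that Snort appends a timestamp suffix to the unified2 file name; the function names are hypothetical.

```python
import glob
import os
import re
import shlex

# Values taken from the post above.
SNORT_CONF = "output unified2: filename snort.unified2, limit 128"
FLAGS = "-D -q -d /var/spool/barnyard2 -f /var/log/snort/snort.unified2"


def unified2_base(snort_conf_text):
    """Return the file name of the active 'output unified2' line, or None."""
    for line in snort_conf_text.splitlines():
        # Commented-out lines start with '#' and so never match.
        m = re.match(r"output\s+unified2:\s*filename\s+([^,\s]+)", line.strip())
        if m:
            return m.group(1)
    return None


def barnyard2_spool(flags):
    """Extract the -d (spool directory) and -f (base file name) values."""
    args = shlex.split(flags)
    opts = {}
    for i, arg in enumerate(args[:-1]):
        if arg in ("-d", "-f"):
            opts[arg] = args[i + 1]
    return opts.get("-d"), opts.get("-f")


def check(snort_conf_text, flags):
    """Return a list of findings; an empty list means both sides agree."""
    findings = []
    base = unified2_base(snort_conf_text)
    spool_dir, by_base = barnyard2_spool(flags)
    if base is None:
        findings.append("snort.conf has no active 'output unified2' line")
    if spool_dir is None or by_base is None:
        return findings + ["barnyard2 flags need both -d and -f"]
    if os.path.dirname(by_base):
        findings.append("-f has a directory part; the directory belongs in -d")
    if base and os.path.basename(by_base) != base:
        findings.append("-f base name differs from the unified2 filename")
    pattern = os.path.join(spool_dir, os.path.basename(by_base) + ".*")
    if not glob.glob(pattern):
        findings.append("no spool files matching the base name under -d")
    return findings


if __name__ == "__main__":
    print("\n".join(check(SNORT_CONF, FLAGS)) or "consistent")
```

Run it on the sensor itself so the last check sees the real spool directory.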
