[Snort-users] display tcp payload with BASE

Link Ragus linkragus at ...11827...
Wed May 2 18:52:45 EDT 2012


Hello all,

I am new to Snort. I use Snort 2.9.2.2 > barnyard2 > MySQL > BASE, and have
a problem: I can't display the TCP payload with BASE. So how can I
display the TCP payload?


Thanks!



barnyard2.conf:

output database: log, mysql, user=snortuser password=snortpassword dbname=snort host=localhost detail=full


snort.conf:

output unified2: filename snort.log, limit 128



Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"
ERROR: Unable to open SID file '/etc/snort/sid-msg.map' (No such file or directory)
Log directory = /var/log/barnyard2
Node unique name is:

Last event seen for sid 4 was 9


database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = snortuser
database:  database name = snort
database:    sensor name =
database:      sensor id = 4
database:     sensor cid = 10
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility