[Snort-users] [barnyard2-users] Logging to the Windows event log
michaels at ...9077...
Wed Jan 30 21:29:08 EST 2013
Yes, that logs events to the Application log in Windows, but Barnyard2 fails
to process events to the database?
If I remove the -E switch Barnyard2 processes events to the database.
It appears that selecting the -E switch disables all other logging.
> -----Original Message-----
> From: barnyard2-users at ...14071... [mailto:barnyard2-
> users at ...14071...] On Behalf Of Rich Rumble
> Sent: Wednesday, January 30, 2013 8:43 PM
> To: barnyard2-users at ...14071...
> Subject: Re: [barnyard2-users] Logging to the Windows event log
> On Wed, Jan 30, 2013 at 8:32 PM, Rich Rumble <richrumble at ...11827...>
> > On Wed, Jan 30, 2013 at 8:25 PM, Michael Steele
> <michaels at ...9077...> wrote:
> >> Snort used to log events to the Event Viewer under Application log,
> >> but apparently that function no longer works.
> >> Using the below in the snort.conf used to work:
> >> output alert_syslog: LOG_AUTH LOG_ALERT
> > Again, this was a command line switch in snort, not a CONF setting. I've
> > looked at the source and change logs; it should still be present from
> > what I can tell. Try the "-E" option:
> > http://flylib.com/books/en/18.104.22.168/1/
> Just downloaded the latest
> C:\Snort\bin>snort --help
> ,,_ -*> Snort! <*-
> o" )~ Version 2.9.4-WIN32 GRE (Build 40)
> '''' By Martin Roesch & The Snort Team:
> Copyright (C) 1998-2012 Sourcefire, Inc., et al.
> Using PCRE version: 8.10 2010-06-25
> Using ZLIB version: 1.2.3
> USAGE: snort [-options] <filter options>
> snort /SERVICE /INSTALL [-options] <filter options>
> snort /SERVICE /UNINSTALL
> snort /SERVICE /SHOW
> -A Set alert mode: fast, full, console, test or none
> (alert file alerts only)
> -b Log packets in tcpdump format (much faster!)
> -B <mask> Obfuscated IP addresses in alerts and packet dumps
> CIDR mask
> -c <rules> Use Rules File <rules>
> -C Print out payloads with character data only (no hex)
> -d Dump the Application Layer
> -e Display the second layer header info
> -E Log alert messages to NT Eventlog. (Win32 only)
> I haven't had time to try it though...
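The thread's open question is whether running Snort with -E leaves barnyard2 with nothing to read. The quickest way to separate the two symptoms is to check both sinks side by side: the unified2 spool files barnyard2 consumes, and the Application log that -E writes to. The following PowerShell check is an added example, not code from the thread or from the Snort or Barnyard2 projects. It assumes a log directory of C:\Snort\log, a unified2 filename prefix of snort.u2 (i.e. "output unified2: filename snort.u2" in snort.conf), and it matches Application-log entries by a provider name containing "snort" rather than assuming the exact event source Snort registers.

```powershell
# Added example (not from the thread): after starting Snort with -E, confirm
# (1) unified2 spool files are still being written for barnyard2, and
# (2) alerts are actually landing in the Windows Application log.
# Assumptions (adjust to your install): log dir C:\Snort\log, unified2 prefix snort.u2.
$LogDir = 'C:\Snort\log'
$Since  = (Get-Date).AddMinutes(-10)

# 1) unified2 spool: files barnyard2 tails. No recent write here means the
#    database gap is on the Snort side, not in barnyard2 or the DB driver.
$u2 = Get-ChildItem -Path $LogDir -Filter 'snort.u2.*' -ErrorAction SilentlyContinue |
      Where-Object { $_.LastWriteTime -gt $Since }
if ($u2) {
    "unified2 files written since ${Since}:"
    $u2 | Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize
} else {
    Write-Warning "No unified2 file under $LogDir written since $Since; barnyard2 has nothing to process."
}

# 2) Application log: did -E deliver anything? Provider name is matched loosely
#    (assumption: it contains "snort") so the check does not depend on the exact source name.
try {
    $evt = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $Since } -ErrorAction Stop |
           Where-Object { $_.ProviderName -match 'snort' }
    if ($evt) {
        "Application log: $(@($evt).Count) Snort event(s) since $Since"
        $evt | Select-Object -First 5 TimeCreated, Id, ProviderName, Message | Format-List
    } else {
        Write-Warning "Application log has entries since $Since, but none from a Snort provider."
    }
} catch {
    # Get-WinEvent throws when the filter matches nothing at all.
    Write-Warning "No Application log events since $Since ($($_.Exception.Message))"
}
```

If the first check fails while the second succeeds, the loss is in Snort's output configuration when -E is used, which is the behaviour described above; if both succeed, the problem lies in barnyard2's input path or database output and the -E switch is a red herring.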