[Snort-users] Fwd: [barnyard2-users] Can get barnyard2 to read from Snort log but won't write to alert file
wkitty42 at ...14940...
Mon Jul 22 15:24:44 EDT 2013
On 7/22/2013 14:53, mulhern wrote:
> Hi all,
> Barnyard2 is reading from Snort log and prints summary statistics about what
> it's read. The Snort log file is the result of reading from a ruleset that
> specifies to alert on anything and then pinging.
> I've specified output as "alert_fast: alert.fast" in barnyard2.conf but it just
> creates an empty alert.fast file. If I specify "alert_fast: stdout" it writes to
> standard output. If I specify "alert_fast: file alert.fast" it gives an error.
what is the error? our crystal balls are broken and in the shop again ;)
you are not trying to get BY2 to write to the same alert file that snort is
writing to, are you? they should each write to their own...
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
More information about the Snort-users