[Snort-users] Fwd: [barnyard2-users] Can get barnyard2 to read from Snort log but won't write to alert file

waldo kitty wkitty42 at ...14940...
Mon Jul 22 15:24:44 EDT 2013


On 7/22/2013 14:53, mulhern wrote:
> Hi all,
>
> Barnyard2 is reading from Snort log and prints summary statistics about what
> it's read. The Snort log file is the result of reading from a ruleset that
> specifies to alert on anything and then pinging.
>
> I've specified output as "alert_fast: alert.fast" in barnyard2.conf but it just
> creates an empty alert.fast file. If I specify "alert_fast: stdout" it writes to
> standard output. If I specify "alert_fast: file alert.fast" it gives an error.

what is the error? our crystal balls are broken and in the shop again ;)

you are not trying to get BY2 to write to the same alert file that snort is 
writing to, are you? they should each write to their own...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.



