[Snort-users] log alert to database using barnyard2

Ismi Junita Rahmawati gizhworld at ...11827...
Mon Jul 29 20:25:49 EDT 2013


On 30 July 2013 03:15, Y M <snort at ...15979...> wrote:

> inline.
>
> ------------------------------
> Date: Tue, 30 Jul 2013 03:06:25 +0700
> From: gizhworld at ...11827...
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] log alert to database using barnyard2
>
> I have a little problem with logging alerts to the database using barnyard.
> When I start snort to detect an attack using the syntax
> snort -A console -q -i eth0 -c /usr/local/snort/etc/snort.conf, snort can
> come up with the alert, but the alert can't be entered into the database.
>
> The -A console will log alerts to the console and not to a unified2 log
> file that Barnyard expects.
>

I use the syntax snort -A console -q -i eth0 -c /usr/local/snort/etc/snort.conf
only to check whether snort can detect or not, because BASE or Snorby
does not show alerts and the database is empty.

> Remove the -A console from your command and specify the barnyard2 output
> plugin in snort.conf file, example:
>
> output unified2: filename snort.log, limit 128
>

I have already set that in barnyard.conf

> When I run this syntax
> /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf
> -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map
> -d /var/log/snort -f snort.u2 -w /var/log/barnyard/barnyard2.waldo
>
> I got an error: FATAL ERROR: The gene map file was included two times the
> command line (-G) [/usr/local/snort/etc/gen-msg.map] and in the
> configuration file (config gen_map) [/usr/local/snort/etc/gen-msg.map]
> need to be defined only once.
>
> Maybe you are specifying the gen-msg.map file in both the barnyard.conf
> file as well as your command? Try specifying it in one place.
>

Yes, I am specifying the gen-msg.map in barnyard.conf and in the command. If I
have already specified it in barnyard, do we still specify it in the command?


> Can somebody tell me where my mistake is?
> Thank you.
>


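A pre-flight check for the two problems raised in this thread, added here as an example (it is not code from the posters or from the Snort or barnyard2 projects): it reports a map file given both in barnyard2.conf and on the command line, a snort.conf with no active unified2 output, and a `-f` base name that differs from the unified2 filename. The function names are hypothetical, the sample configs are constructed, and the directive names `config gen_file:` / `config sid_file:` are assumed from barnyard2's sample configuration (the `gen_map` / `sid_map` spelling used in the quoted error is accepted as well).

```shell
#!/bin/sh
# Added example: lint a Snort -> unified2 -> barnyard2 setup before starting it.
# Function names are hypothetical; the sample configs below are constructed.

# Print the base filename of the active "output unified2:" line in snort.conf.
unified2_name() {
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}unified2:.*filename[[:space:]]\{1,\}\([^,[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Succeed if barnyard2.conf already names the gen or sid map ($2 = gen|sid).
# Assumption: the directive is "config gen_file:"; "gen_map" is accepted too.
conf_sets_map() {
    grep -Eq "^[[:space:]]*config[[:space:]]+${2}_(file|map)[[:space:]]*:" "$1"
}

# preflight SNORT_CONF BARNYARD2_CONF [barnyard2 arguments...]
# Prints one line per problem and returns 1 if any were found.
preflight() {
    snort_conf=$1; by_conf=$2; shift 2
    bad=0
    u2=$(unified2_name "$snort_conf")
    [ -n "$u2" ] || { printf '%s\n' "snort.conf: no active 'output unified2:' line"; bad=1; }
    while [ $# -gt 0 ]; do
        case $1 in
            -G) if conf_sets_map "$by_conf" gen; then
                    printf '%s\n' "-G: gen map is already set in barnyard2.conf"; bad=1; fi ;;
            -S) if conf_sets_map "$by_conf" sid; then
                    printf '%s\n' "-S: sid map is already set in barnyard2.conf"; bad=1; fi ;;
            -f) if [ -n "$u2" ] && [ "${2:-}" != "$u2" ]; then
                    printf '%s\n' "-f ${2:-}: snort.conf writes unified2 files named '$u2'"; bad=1; fi ;;
        esac
        shift
    done
    return $bad
}

# Constructed configs modelled on the thread: gen map set twice, -f not matching.
demo() {
    d=$(mktemp -d)
    printf 'output unified2: filename snort.log, limit 128\n' > "$d/snort.conf"
    printf 'config gen_file: /usr/local/snort/etc/gen-msg.map\n' > "$d/barnyard2.conf"
    preflight "$d/snort.conf" "$d/barnyard2.conf" -c "$d/barnyard2.conf" \
        -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map \
        -d /var/log/snort -f snort.u2 -w /var/log/barnyard/barnyard2.waldo
    rc=$?
    rm -rf "$d"
    return $rc
}

demo || true
```

Snort appends a timestamp to the unified2 filename, so the `-f` value is compared against the base name only.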