[Snort-users] log alert to database using barnyard2

Joel Esler jesler at ...1935...
Mon Jul 29 20:33:52 EDT 2013


Did you remove -A console from startup?

--
Joel Esler

> On Jul 29, 2013, at 8:25 PM, Ismi Junita Rahmawati <gizhworld at ...11827...> wrote:
> 
> 
> 
> 
>> On 30 July 2013 03:15, Y M <snort at ...15979...> wrote:
>> inline.
>> 
>> Date: Tue, 30 Jul 2013 03:06:25 +0700
>> From: gizhworld at ...11827...
>> To: snort-users at lists.sourceforge.net
>> Subject: [Snort-users] log alert to database using barnyard2
>> 
>> I have a little problem with logging alerts to database using barnyard. when I start snort to detect attact using syntax snort-A console-q-i eth0-c / usr / local / snort / etc / snort.conf, snort can comes up the alert. but alert cant entered into the databases.
>> 
>> The -A console will log alerts to the console and not to a unified2 log file that Barnyard expects.
>  
> I use syntax snort-A console-q-i eth0-c / usr / local / snort / etc / snort.conf only for check snort can detect or not. because base or snorby not show alert and database empty. 
> 
>> Remove the -A console from your command and specify the barnyard2 output plugin in snort.conf file, example:
>> 
>> output unified2: filename snort.log, limit 128
>  
> I have been setting that in barnyard.conf 
>  
>>  
>>  
>>  When I run this syntax 
>> /usr/local/bin/barnyard2-c / usr/local/snort/etc/barnyard2.conf-G / usr / local / snort / etc / gen-msg.map-S / usr / local / snort / etc / sid-msg.map-d / var / log / snort-f snort.u2-w / var/log/barnyard/barnyard2.waldo
>> 
>> I got a error , FATAL ERROR: The gene map file was included two times the command line (-G) [/ usr / local / snort / etc / gen-msg.map] and in the configuration file (config gen_map) [/ usr / local / snort / etc / gen-msg.map] need to be defined only once. 
>> 
>> Maybe you are specifying the gen-msg.map file in both the barnyarnd.conf file as well as your command? try specifying it in once place.
> Yes, I specifying the gen-msg.map in barnyard.conf and commad. if I have already specifying in barnyard, do we still specify in command? 
>  
>> can somebody tell me where my mistake? 
>> Thank you. 
>> 
>> ------------------------------------------------------------------------------ Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
>> _______________________________________________ Snort-users mailing list Snort-users at lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 
> ------------------------------------------------------------------------------
> Get your SQL database under version control now!
> Version control is standard for application code, but databases havent 
> caught up. So what steps can you take to put your SQL databases under 
> version control? Why should you start doing it? Read more to find out.
> http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130729/02fc856b/attachment.html>


More information about the Snort-users mailing list