[Snort-users] Barnyard2 setup question (I'm not getting alerts from both instances)

Avery Rozar Avery.Rozar at ...16118...
Mon Apr 14 12:51:21 EDT 2014

Gotcha, I think the sensor_name may be messing me up.


From: Y M <snort at ...15979...>
Date: Monday, April 14, 2014 at 11:39 AM
To: Avery Rozar <avery.rozar at ...16118...>
Cc: snort-users <snort-users at lists.sourceforge.net>
Subject: RE: [Snort-users] Barnyard2 setup question (I'm not getting alerts from both instances)

You would need two Barnyard2 processes. Each Snort process will log u2 to its own directory, such as

snort00 --> logs to --> /path/to/logs/snort00
snort01 --> logs to --> /path/to/logs/snort01

And then have each Barnyard2 process read from its respective directory. However, you need to make sure that the "sensor_name" in each barnyard2.conf file is unique to eliminate conflict. Also, each logging directory will have its own waldo file (transactions file) so that Barnyard2 keeps track of transactions.


> From: Avery.Rozar at ...16118...
> To: snort-users at lists.sourceforge.net
> Date: Mon, 14 Apr 2014 14:22:19 +0000
> Subject: [Snort-users] Barnyard2 setup question (I'm not getting alerts from both instances)
> I have two snort instances (snort00, and snort01) running, inline for dna0:dna1, and inline for dna2:dna3.
> Snort instance 0 logs to snort00 (unified2)
> Snort instance 1 logs to snort01 (unified2)
> Barnyard2 instance 0 picks up snort00, and writes to alert0
> Barnyard2 instance 1 picks up snort01, and writes to alert1
> Should I only have one barnyard2 instance? It seems that I’m only getting alerts written to one or the other (alert0, alert1) not both. Even if an alert triggers and gets written to snort00 or snort01 unified2 file.
> Thanks,
> Avery

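An added example, not part of the thread and not Barnyard2 project code: a check that the barnyard2.conf files of two instances do not share a "sensor_name" or a waldo file, the two collisions the reply above warns about. It assumes sensor_name is set on the `output database:` line and the waldo file via `config waldo_file:` (a waldo passed on the command line is not seen); the sample configs, paths and names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample configs (not from the thread); paths and names are placeholders.
BY0 = """\
config waldo_file: /path/to/logs/snort00/barnyard2.waldo
output alert_fast: /path/to/logs/alert0
output database: log, mysql, user=snort dbname=snort host=localhost sensor_name=sensor
"""
BY1 = """\
# second instance, copied from the first and only partly edited
config waldo_file: /path/to/logs/snort01/barnyard2.waldo
output alert_fast: /path/to/logs/alert1
output database: log, mysql, user=snort dbname=snort host=localhost sensor_name=sensor
"""

def parse_conf(text):
    """Return the settings that must differ between Barnyard2 instances."""
    found = {"sensor_name": [], "waldo_file": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"config\s+waldo_file\s*:\s*(\S+)", line)
        if m:
            found["waldo_file"].append(m.group(1))
        elif re.match(r"output\s+database\s*:", line):
            found["sensor_name"] += re.findall(r"\bsensor_name\s*=\s*([^\s,]+)", line)
    return found

def find_conflicts(confs):
    """confs maps an instance label to its barnyard2.conf text."""
    seen = defaultdict(set)                   # (setting, value) -> instances using it
    for label, text in confs.items():
        for setting, values in parse_conf(text).items():
            for value in values:
                seen[(setting, value)].add(label)
    return sorted((s, v, sorted(labels))
                  for (s, v), labels in seen.items() if len(labels) > 1)

if __name__ == "__main__":
    for setting, value, labels in find_conflicts({"by0": BY0, "by1": BY1}):
        print(f"{setting}={value} is shared by {', '.join(labels)}")
```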