Snort Forums Archive
Barnyard issue
Posted by abermudez on July 19, 2005 13:31:41
I originally posted this under newbies--then saw this section a day later...
I have set up Snort 2.3.3 on a Fedora 4 box with Barnyard 0.2.0 and Base 1.1.3. Base and Snort appear to be working fine--but I cannot get Barnyard to read the data from the binary log and move it into the MySQL db. Snort is creating the logs in the /var/log/snort/ directory and naming them snort.log.1121721347 (or some other timestamp for each file). The barnyard.conf output is set to: "output log_acid_db: mysql, database snort, server localhost, user username, password pwd, sensor_id 1". I am using this command to start barnyard (no errors when I start it): /usr/local/bin/barnyard -D -c barnyard.conf -w /var/log/snort/snort_waldo.log -f snort.log -X /var/run/barnyard.pid...
Posted by jbarton on July 29, 2005 17:34:31
I am having a similar issue with my setup. I have Snort set up with both log_unified and alert_unified, and it is writing both files as expected. I have Barnyard set up with alert_fast and log_dump. It is properly writing to the alert file, but it is not writing a dump of the packets from Snort's log_unified. Regardless of what output type I enable to process the log_unified data, I can't seem to get any output. Does anyone out there have any suggestions?