This is a discussion on RE: [Snort-users] barnyard logging problems within the Snort forums, part of the System Security and Security Related category.

I asked a while back, too. No one spoke up. The only solution I found was
to not log both types to the same database.

- Gordon

"When I finally found a spam filter that worked, I no longer received ANY email."

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Jason
Sent: Friday, September 26, 2003 7:47 AM
To: snort users
Subject: [Snort-users] barnyard logging problems

I hate having to repost, but no one ever answered, and the problem is getting worse as the DB gets larger. I currently have 7 sensors pointed to the backend DB. Below is the conf file from one of them.

Could someone post their barnyard config files (someone logging both alerts and logs), I seem to be having an issue. When running two instances of barnyard, 1 always seems to crap out on me when it hits a duplicate key (which is what it should do, however I cannot seem to prevent the duplicate keys.....

Below is the error and the conf files. Most options (daemon mode etc) are started from the command line, each instance uses its own pid and waldo file.

Sep 16 14:20:08 snortdmz barnyard: FATAL ERROR: Error (Duplicate entry '3-5882' for key 1) executing query: INSERT INTO event(sid, cid, signature, timestamp) VALUES('3', '5882', '40', '2003-09-16 14:05:21 -0400')

Barnyard conf no 1:
-------------------
snortdmz# more barnyard.conf.alert
#config daemon
config localtime
config hostname: snort.dmz
config interface: fxp0
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
output alert_fast
output log_dump
#output alert_syslog
#output log_pcap
output alert_acid_db: mysql, sensor_id 4, database snort_log, server 127.0.0.1, user snort, password *****
#output log_acid_db: mysql, database snort_log, server 127.0.0.1, user snort,password *****, detail full

Barnyard conf no 2:
-------------------
snortdmz# more barnyard.conf.log
#config daemon
config localtime
config hostname: snort.dmz
config interface: fxp0
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
#output alert_fast
#output log_dump
#output alert_syslog
#output log_pcap
#output alert_acid_db: mysql, sensor_id 3, database snort_log, server 127.0.0.1, user snort, password *****
output log_acid_db: mysql, database snort_log, server 127.0.0.1, user snort,password *****, detail full

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
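
An added illustration (not part of the original thread, and not barnyard's code) of the failure reported above and of the workaround in the reply: two writers that share one sensor id and one event table collide on the (sid, cid) key, while the same writers on separate databases do not. The Writer class, its startup-time MAX(cid) counter, the SQLite stand-in schema and the sample events are assumptions made for this sketch.

```python
import sqlite3

# Minimal stand-in for the event table named in the error; the composite
# primary key (sid, cid) is inferred from "Duplicate entry '3-5882' for key 1".
SCHEMA = """CREATE TABLE IF NOT EXISTS event (
    sid INTEGER NOT NULL, cid INTEGER NOT NULL,
    signature INTEGER, timestamp TEXT,
    PRIMARY KEY (sid, cid))"""


class Writer:
    """Hypothetical model of one logging instance (not barnyard's code).

    Assumption: the instance reads MAX(cid) for its sensor once at startup
    and then numbers events from a private counter.
    """

    def __init__(self, db, sid):
        self.db, self.sid = db, sid
        db.execute(SCHEMA)
        row = db.execute("SELECT MAX(cid) FROM event WHERE sid = ?",
                         (sid,)).fetchone()
        self.next_cid = (row[0] or 0) + 1

    def log(self, signature, ts):
        self.db.execute("INSERT INTO event VALUES (?, ?, ?, ?)",
                        (self.sid, self.next_cid, signature, ts))
        self.next_cid += 1


def run(shared):
    """Interleave an alert writer and a log writer; return the first
    duplicate-key error message, or None if every insert succeeded."""
    alert_db = sqlite3.connect(":memory:")
    log_db = alert_db if shared else sqlite3.connect(":memory:")
    alert, log = Writer(alert_db, 3), Writer(log_db, 3)  # same sensor id
    try:
        for i in range(3):  # constructed sample events
            alert.log(40, f"2003-09-16 14:05:2{i}")
            log.log(40, f"2003-09-16 14:05:2{i}")
    except sqlite3.IntegrityError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("same database:     ", run(shared=True))
    print("separate databases:", run(shared=False))
```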