This is a discussion on Re: [Snort-users] Barnyard not logging alert classification within the Snort forums, part of the System Security and Security Related category.

Try Barnyard 0.2.0, there was a lot of work done on Barnyard 0.2.0 to
fix problems in the 0.1.0 implementation and streamline Barnyard's
operation. Give it a shot!

-Marty

On Aug 17, 2004, at 3:51 AM, Francis A. Vidal wrote:

> Hi,
>
> It appears that barnyard is not logging the alert classification. All I
> can see from ACID are "unclassified" alerts. I'm running snort 2.2.0 and
> barnyard 0.1.0. Here's my barnyard.conf file:
>
> config daemon
> config interface: bridge0
> config filter: not port 22
>
> processor dp_alert
> processor dp_log
> processor dp_stream_stat
>
> output log_acid_db: mysql, sensor_id 1, database snort, server <server_ip>, user snort, password <password>, detail full
>
> And here's the entry in /var/log/messages when barnyard starts:
>
> Aug 17 15:49:33 ids barnyard: AcidDbOpStop
> Aug 17 15:49:38 ids barnyard: Args: mysql, sensor_id 1, database snort, serve
> Aug 17 15:49:38 ids barnyard: Initializing daemon mode
> Aug 17 15:49:39 ids barnyard: Barnyard Version 0.1.0 (Build 17) started
> Aug 17 15:49:39 ids barnyard: AcidDbOpStart
> Aug 17 15:49:39 ids barnyard: OpAcidDB configuration details
> Aug 17 15:49:39 ids barnyard: Database Flavour: mysql
> Aug 17 15:49:39 ids barnyard: Detail Level: Full
> Aug 17 15:49:39 ids barnyard: Database Server: 202.91.161.144
> Aug 17 15:49:39 ids barnyard: Database User: snort
> Aug 17 15:49:39 ids barnyard: SensorID: 1
> Aug 17 15:49:39 ids barnyard: AcidDbOpStart Complete
>
> /Francis

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch@sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org