From: Alwin Raymundo (alrayworld_at_yahoo.com)
Date: Wed Oct 16 2002 - 07:46:45 CDT


    Hi Martin,

    Thanks for the info.

    I already adjusted my configuration on both snort
    and barnyard but it is showing me an error:
    -*> Barnyard! <*-
    Version 0.1.0-rc3 (Build 11)
    By Andrew R. Baker (andrewb@snort.org)
    and Martin Roesch (roesch@sourcefire.com,
    www.snort.org)

    Loading Data Processors...
    dp_alert loaded
    dp_log loaded
    dp_stream_stat loaded
    Loading Built-in Output Plugins...
    Fast Alert plugin initialized
    AlertSyslog initialized
    Log Dump plugin initialized
    LogPcap initialized
    AcidDb output plugin initialized
    AlertCSV initialized
    Parsing Config file: /etc/snort/barnyard.conf
    Args: mysql, sensor_id 1, database snort, server
    localhost, user usnort, password loghog, detail full
    Barnyard Version 0.1.0-rc3 (Build 11) started
    No Files found to read. Exiting
    Fatal Error, Quitting..
    Exiting

    barnyard.conf
    output log_acid_db: mysql, sensor_id 1, database snort, server localhost, user thalium, password 4e770!, detail full

    in my snort.conf
    output log_unified: filename snort.log, limit 128

    and I started by barnyard with
    barnyard -c /etc/snort/barnyard.conf \
        -d /var/log/snort -g /etc/snort/gen-msg.map \
        -s /etc/snort/sid-msg.map -f scan.log

    Is there any misconfiguration that I did? Because
    barnyard is complaining about "no files found to read".
    When I look at my /var/log/snort the file snort.log is
    there and existing. Please correct me if I did a
    misconfiguration. I appreciate it.

    Thanks

    Your brother in snort

    --- Martin Roesch <roesch@sourcefire.com> wrote:
    > You need to set up log_unified in your snort.conf,
    > alert_unified only reports the event data, not the
    > packet logs.
    >
    > -Marty
    >
    > On Tuesday, October 15, 2002, at 08:37 AM, Alwin
    > Raymundo wrote:
    >
    > > Hi Marty,
    > >
    > > Sorry I'm busy this week and I just opened my email.
    > >
    > > in my snort.conf
    > > output alert_unified: filename snort.alert, limit 128
    > >
    > > in barnyard.conf
    > > config hostname: snorthost
    > > config interface: fxp0
    > > config filter: not port 22
    > > processor dp_alert
    > > processor dp_log
    > > processor dp_stream_stat
    > > output alert_fast
    > > output log_dump
    > > output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user usnort, password loghog
    > >
    > > I'm new with barnyard. Thanks in advance for your
    > > help.
    > >
    > > Your brother in snort
    > >
    > > Alwin
    > > --- Martin Roesch <roesch@sourcefire.com> wrote:
    > >> Which unified output option are you guys using?
    > >>
    > >> -Marty
    > >>
    > >> On 10/1/02 8:57 AM, "Alwin Raymundo"
    > >> <alrayworld@yahoo.com> wrote:
    > >>
    > >>> Hi Ron,
    > >>>
    > >>> Yep, to me the payload is very important, in my
    > >>> own opinion. We know that somebody is trying to do
    > >>> some nasty thing to our server, but how?
    > >>>
    > >>> Without the payload it looks like I'm shooting in
    > >>> the dark.
    > >>>
    > >>> Thanks
    > >>>
    > >>> --- Ron Shuck <rshuck@Buchanan.com> wrote:
    > >>>> Hey Alwin,
    > >>>>
    > >>>> I found the same results. I haven't heard if there
    > >>>> are plans to include this, or if it should work and
    > >>>> we just missed something.
    > >>>>
    > >>>> Ron Shuck, CISSP - Managing Consultant
    > >>>> Buchanan Associates - A Technology Company in the
    > >>>> People Business
    > >>>> http://www.buchanan.com
    > >>>> http://www.isc2.org
    > >>>>
    > >>>> ---original message---
    > >>>> Date: Mon, 30 Sep 2002 11:36:39 -0700 (PDT)
    > >>>> From: Alwin Raymundo <alrayworld@yahoo.com>
    > >>>> To: user snort <snort-users@lists.sourceforge.net>
    > >>>> Subject: [Snort-users] barnyard (Payload)
    > >>>>
    > >>>> Hi Everybody,
    > >>>>
    > >>>> I don't know if this is already posted in a previous
    > >>>> discussion; this morning I just set up barnyard.
    > >>>> I like it because it is fast to log all packets in my
    > >>>> mysql and acid, but I notice there is no payload.
    > >>>>
    > >>>> Is this normal? Is there another way to get the
    > >>>> payload?
    > >>>>
    > >>>> Any help would be appreciated.
    > >>>>
    > >>>> Thanks in advance.
    > >>>>
    > >>>
    > >>>> ATTACHMENT part 2 application/x-pkcs7-signature name=smime.p7s
    > >>>
    > >>> =====
    > >>> Alwin Raymundo
    > >>>
    > >>>
    > >>>
    > >>>
    > >>>
    > >>
    > >
    >
    > >>>
    > >>
    > >> --
    > >> Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
    > >> Sourcefire: Professional Snort Sensor and Management Console appliances
    > >> roesch@sourcefire.com - http://www.sourcefire.com
    > >> Snort: Open Source Network IDS - http://www.snort.org
    > >>
    > >>
    > >>
    > >>
    > >
    > >
    > > =====
    > > Alwin Raymundo
    > >
    > >
    > >
    > --
    > Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
    > Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
    >
    === message truncated ===

    =====
    Alwin Raymundo


    _______________________________________________
    Snort-users mailing list
    Snort-users@lists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users
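The thread pairs a snort.conf unified output directive with a barnyard spool directory (-d) and base filename (-f), and barnyard exits with "No Files found to read" when the pairing is off. The script below is an added diagnostic, not code from the thread or from the Snort/barnyard projects. It assumes, as Snort's unified output of that era did, that each unified file is named <base>.<unix timestamp> and that barnyard's -f argument is that base name; the snort.conf fragment and the spool file names are constructed for the example, using the two base names that appear in the thread (scan.log and snort.log). It also flags the earlier situation in the thread, a snort.conf with alert_unified but no log_unified, since that is why no packet payload reaches the database.

```python
import os
import re
import tempfile
from typing import Dict, List

# Constructed snort.conf fragment with the two unified directives
# discussed in the thread (plugin names and limits as quoted there).
SAMPLE_SNORT_CONF = """\
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
"""

# "output <plugin>: filename <base>[, limit N]"  ->  (plugin, base)
UNIFIED_RE = re.compile(
    r"^\s*output\s+(alert_unified|log_unified)\s*:\s*filename\s+([^\s,]+)",
    re.MULTILINE,
)


def parse_unified_outputs(snort_conf: str) -> Dict[str, str]:
    """Map each unified output plugin to the base filename it writes."""
    return {m.group(1): m.group(2) for m in UNIFIED_RE.finditer(snort_conf)}


def find_spool_files(spool_dir: str, base: str) -> List[str]:
    """List <base>.<timestamp> files in spool_dir, oldest first.

    Assumption (see lead-in): unified output appends a unix timestamp to
    the configured base name, and barnyard -f names that base.
    """
    pattern = re.compile(r"^" + re.escape(base) + r"\.(\d+)$")
    matches = []
    for name in os.listdir(spool_dir):
        m = pattern.match(name)
        if m:
            matches.append((int(m.group(1)), name))
    return [name for _, name in sorted(matches)]


def diagnose(snort_conf: str, spool_dir: str, barnyard_base: str) -> List[str]:
    """Return findings; an empty list means the snort/barnyard pairing is consistent."""
    findings = []
    outputs = parse_unified_outputs(snort_conf)
    if "log_unified" not in outputs:
        findings.append(
            "snort.conf has no log_unified output: alert_unified carries "
            "event data only, so no packet logs (payload) reach barnyard"
        )
    if barnyard_base not in outputs.values():
        findings.append(
            f"barnyard -f {barnyard_base!r} matches no unified filename in "
            f"snort.conf ({sorted(outputs.values())})"
        )
    if not find_spool_files(spool_dir, barnyard_base):
        findings.append(
            f"no {barnyard_base}.<timestamp> files in {spool_dir}: barnyard "
            "will exit with 'No Files found to read'"
        )
    return findings


def build_sample_spool() -> str:
    """Create a temp directory holding constructed unified file names."""
    spool = tempfile.mkdtemp(prefix="snort-spool-")
    for name in ("snort.log.1034777205", "snort.log.1034780805",
                 "snort.alert.1034777205", "snort.conf.bak"):
        with open(os.path.join(spool, name), "wb") as fh:
            fh.write(b"")  # contents are irrelevant to the name check
    return spool


if __name__ == "__main__":
    spool = build_sample_spool()
    for base in ("scan.log", "snort.log"):
        print(f"barnyard -d {spool} -f {base}")
        for line in diagnose(SAMPLE_SNORT_CONF, spool, base) or ["looks consistent"]:
            print("  " + line)
```

Run against the constructed spool, `-f scan.log` produces two findings (the base matches no unified directive and no scan.log.* files exist) while `-f snort.log` produces none; a snort.conf carrying only alert_unified produces the payload finding even when its files are present.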