RE: [Snort-users] Barnyard part 2
From: Esler, Joel - Contractor (joel.esler rcert-s.army.mil)
Date: Thu Jul 29 2004 - 07:46:17 CDT
I see that my Snort -> mysql used the "log" facility. Is there a
similar command in barnyard, or do I have to change my rules from alert
to log?
J
-----Original Message-----
From: snort-users-admin lists.sourceforge.net [mailto:snort-users-admin lists.sourceforge.net] On Behalf Of Esler, Joel - Contractor
Sent: Thursday, July 29, 2004 8:40 AM
To: snort-users lists.sourceforge.net; Maetzky, Steffen (Extern)
Subject: [Snort-users] Barnyard part 2
Okay, now, previous setup was Snort logging directly to mysql. Now it
is logging to unified, and Barnyard is now processing the mysql entries;
however, it is not inputting the packet data into ACID. Where did the
packet data go?
J
(barnyard.conf)
output alert_acid_db: mysql, sensor_id 7, database snort, server 127.0.0.1, user snort
output log_acid_db: mysql, database snort, server 127.0.0.1, user snort, detail full
Do I need to comment out alert_acid_db, and make it just "log_acid_db"?