
Comments (5)

binf commented on May 12, 2024

On Wed, Jan 30, 2013 at 4:46 AM, lutphi [email protected] wrote:

Hi I am a newbie on barnyard. I want barnyard to write log to a file like
snort-alert log.

In snort.conf I got the line

output alert_unified2: filename snort.u2, limit 128

You need to use the following snort unified2 output directive for barnyard2
to process the unified2 file correctly.

output unified2: filename snort.u2, limit 128

If your unified2 file does not contain any events, then none of them will
get logged to the database.

Thus you need to ensure that you have events being written to your unified2
file if you want anything to be written to the database.

from barnyard2.
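A quick way to verify binf's point that the unified2 spool must actually contain event records before barnyard2 can log anything: the following is an added example, not snort's or barnyard2's own code, that walks the unified2 record headers and counts event and packet records, using the record type constants and the legacy IPv4 event layout from snort's README.unified2. The sample spool bytes are constructed here (one event for the thread's test rule, one packet record, and a truncated tail as seen while snort is still writing).

```python
import struct
from collections import Counter

# Unified2 record types, as documented in snort's README.unified2.
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7            # legacy IPv4 event, 52-byte body
UNIFIED2_IDS_EVENT_IPV6 = 72
UNIFIED2_IDS_EVENT_VLAN = 104
UNIFIED2_IDS_EVENT_IPV6_VLAN = 105
EVENT_TYPES = {UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_IPV6,
               UNIFIED2_IDS_EVENT_VLAN, UNIFIED2_IDS_EVENT_IPV6_VLAN}

# Legacy IPv4 event body, big-endian: sensor_id, event_id, event_second, event_usec,
# sid, gid, rev, class_id, priority, ip_src, ip_dst, sport, dport, proto, 3 flag bytes.
IDS_EVENT_FMT = ">9I4s4sHHBBBB"

def iter_records(data):
    """Yield (type, body) for every complete record; stop at a truncated tail."""
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from(">II", data, off)
        if off + 8 + rlen > len(data):
            break
        yield rtype, data[off + 8:off + 8 + rlen]
        off += 8 + rlen

def summarize(data):
    """Count event and packet records and list (gid, sid, rev) of IPv4 events."""
    counts, sigs = Counter(), []
    for rtype, body in iter_records(data):
        counts[rtype] += 1
        if rtype == UNIFIED2_IDS_EVENT and len(body) >= struct.calcsize(IDS_EVENT_FMT):
            f = struct.unpack_from(IDS_EVENT_FMT, body)
            sigs.append((f[5], f[4], f[6]))
    return {"events": sum(counts[t] for t in EVENT_TYPES),
            "packets": counts[UNIFIED2_PACKET], "signatures": sigs}

# Constructed sample spool: one ICMP event for the thread's test rule
# (gid 1, sid 10000001, rev 1), one packet record with a dummy payload,
# and a truncated trailing header that the parser must ignore.
def build_event(sid, gid=1, rev=1):
    body = struct.pack(IDS_EVENT_FMT, 1, 1, 1359529560, 0, sid, gid, rev, 0, 3,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), 8, 0, 1, 0, 0, 0)
    return struct.pack(">II", UNIFIED2_IDS_EVENT, len(body)) + body

SAMPLE = (build_event(10000001)
          + struct.pack(">II", UNIFIED2_PACKET, 4) + b"\xaa" * 4
          + struct.pack(">II", UNIFIED2_IDS_EVENT, 52) + b"\x00" * 3)
```

Run `summarize(open("snort.u2.<timestamp>", "rb").read())` against a real spool file; an `events` count of 0 means the problem is upstream of barnyard2.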

lutphi commented on May 12, 2024

Thanks, I changed my snort.conf just like you said. But the situation is still the same and snort writes logs to a new file "alerts", which is not unified2. The snort.conf now looks like,

#output alert_unified2: filename snort.u2, limit 128
output unified2: filename snort.u2, limit 128

and no snort.u2 file. But if I try to run snort as

output alert_unified2: filename snort.u2, limit 128
output unified2: filename snort.u2, limit 128

configuration options then snort writes to snort.u2 file.

And barnyard2 reads the file but does not write logs to file snort-alert.log

For snort I have test rule
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001;)

There is no problem with snort in here

So what may be the problem here


binf commented on May 12, 2024

For snort to create a unified2 file supported by barnyard2 you need
only one line in the snort.conf.

output unified2: filename snort.u2, limit 128

filename option can vary depending on your needs.
limit option can vary depending on your needs also.

You will also need to delete previously created unified2 files.

Also you might want to run snort without the -p and the -N arguments

-p disabling promiscuous mode
and
-N being the nolog option (disabling logging)

Also you might want to add a revision to your test rule if you want to log to database

alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001;)
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001; rev:1;)

Hope this helps, also we have a mailing list which is maybe more suited for this than GitHub.

Search for barnyard2-users on google groups.


lutphi commented on May 12, 2024

Thanks again, I tried everything but it still does not work.

I am already running snort with -N and -p options. I posted in barnyard2-users google group:)

https://groups.google.com/forum/?fromgroups=#!topic/barnyard2-users/371IMkL-_4Q


terjehaarstad commented on May 12, 2024

Hi there. Recently I had the same issue while using snort IPS. I fixed the problem by deleting the waldo file, you could try that.
