Re: Barnyard 0.1.5 and mysql

["Andrew R. Baker" <andrewb () snort org>]

The system_id in the barnyard.conf file needs to be an integer. 
Anything else will cause it to be set to 0.  Since barnyard does not
know all of the details about how snort was run in order to create a
proper sensor entry.  The sensor id will need to be manually created in
the database for now.  I did send out a script for adding/querying a
sensor entry to the mailing list and will add this to the barnyard CVS
archive when I get some available time.

-Andrew


Chris Eidem wrote:
> Hey y'all,
>
> Got a question about barnyard and mysql.  Looks like it's sending stuff
> into the db with a sid of '0'.  Why?
 
[snipped]

> I start barnyard like this:
> ./barnyard -c ./byshmy.conf -s sid-msg.map -g gen-msg.map -d
> /var/log/snort -f snort.alert
>
> I get this:
> <major snippage>
> SQL: INSERT INTO event(sid, cid, signature, timestamp) VALUES('0',
> '9431', '130', '2001-11-12 21:07:05')
> SQL: INSERT INTO event(sid, cid, signature, timestamp) VALUES('0',
> '9432', '121', '2001-11-12 21:07:35')
> SQL: INSERT INTO event(sid, cid, signature, timestamp) VALUES('0',
> '9433', '126', '2001-11-12 21:07:48')
>
> Lines from the byshmy.conf:
> output alert_acid_db: mysql, sensor_id cubanelle-xl1, database snort,
> server sharpam, user snort, detail full, password snort
> output log_acid_db: mysql, sensor_id cubanelle-xl1, database snort,
> server sharpam, user snort, detail full, password snort

[snipped]

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users