Snort mailing list archives

Previous By Date Next
Previous By Thread Next

(no subject)

From: Ron Rosson <insane () oneinsane net>
Date: Tue, 22 Jan 2002 16:32:17 -0800
 
 Here is my command line of snort:
 
 snort -D -i qe0
 
 Here is my command line for barnyard
 
 barnyard -c /etc/snort/barnyard.conf -d /var/log/snort/ -f snort.log \
 -w /var/log/snort/waldo.barnyard
 
 Other than my network variables being shown here, here is my snort.conf
 
 Preprocessors:
        preprocessor frag2
        preprocessor stream4: detect_scans
        preprocessor stream4_reassemble
        preprocessor http_decode: 80 -unicode -cginull
        preprocessor rpc_decode: 111
        preprocessor bo: -nobrute
        
  Output plugins:
         output log_unified: filename snort.log, limit 128
  
  Here is my barnayard.con
  
  processor dp_alert
  processor dp_log
  output alert_acid_db: mysql, sensor_id 1, database snort, server myserver, user s
  nort, password mysnort
  output log_acid_db: mysql, sensor_id 1, database snort, server myserver, user snor
  t, password mysnort, detail full
  
  Now when I started it for the first time it made acid's tcp line 100%
  and that is it. Everything else is all 0's
 
TIA
Ron

-- 
------------------------------------------------------------------------------
Ron Rosson                                    ... and a UNIX user said ...
The InSaNe One                                        rm -rf *
insane () oneinsane net                        and all was /dev/null and *void()
------------------------------------------------------------------------------


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: