Snort mailing list archives

barnyard-0.1.0-beta5 and mysql


From: "Michael Scheidell" <scheidell () secnap net>
Date: Mon, 27 May 2002 13:35:15 -0400

Just upgraded from the snort 1.8.6 release to snort 1.8.7beta5 and
barnyard-0.1.0-beta5, and it doesn't seem to be logging to the mysql database.

barnyard config:
./configure --enable-mysql

Changed the barnyard startup, added -X /var/run/by.pid (and by2.pid; I run two
copies of barnyard, one for alerts, one for logs).

config.log seems to indicate it found and linked in the mysql libraries:
config.log:configure:2574: gcc -o conftest -g -O2 -Wall -I/usr/local/include/mysql -DENABLE_MYSQL -L/usr/local/lib/mysql conftest.c -lmysqlclient -lmysqlclient 1>&5

snort is working (I guess); fast.alert shows the entry, and /var/log/snort shows
updates to the waldo file and the barnyard binary.

-rw-r--r--  1 root  security      32 May 27 13:15 waldo.log
-rw-r--r--  1 root  security   10034 May 27 13:15 log.1022519256

tcpdump -X of the pcap shows the offending packet (so I know snort is sending the
payload to barnyard, and barnyard is picking it up and sending it to the pcap).

So all it looks like is that barnyard is not sending to mysql anymore.

barnyard config:
config daemon
config hostname: localhost
config interface: LAN
config filter: not localhost
processor dp_log
processor dp_stream_stat
output log_pcap: /var/log/snort/pcap
output log_acid_db: mysql, sensor_id 1, database snort, server localhost, user root, detail full

barnyard startup:
/usr/local/bin/barnyard -c /usr/local/etc/barnyard.conf -d /var/log/snort \
    -f log -L /var/log/snort -w /var/log/snort/waldo.log -a /var/log/snort/tmp \
    -X /var/run/by.pid -D

May 27 13:28:56 scanner barnyard: Loading Data Processors...
May 27 13:28:56 scanner barnyard: dp_alert loaded
May 27 13:28:56 scanner barnyard: dp_log loaded
May 27 13:28:56 scanner barnyard: dp_stream_stat loaded
May 27 13:28:56 scanner barnyard: Loading Built-in Output Plugins...
May 27 13:28:56 scanner barnyard: Fast Alert plugin initialized
May 27 13:28:56 scanner barnyard: AlertSyslog initialized
May 27 13:28:56 scanner barnyard: Log Dump plugin initialized
May 27 13:28:56 scanner barnyard: LogPcap initialized
May 27 13:28:56 scanner barnyard: AcidDb output plugin initialized
May 27 13:28:56 scanner barnyard: AlertCSV initialized
May 27 13:28:56 scanner barnyard: Parsing Config file: /usr/local/etc/barnyard.$
May 27 13:28:56 scanner barnyard: Args: mysql, sensor_id 1, database snort, server localhost, user root, detail full
May 27 13:28:56 scanner barnyard: Initializing daemon mode
May 27 13:28:56 scanner barnyard: Barnyard Version 0.1.0-beta5 (Build 8) started


--
Michael Scheidell
SECNAP Network Security, LLC
(561) 368-9561 scheidell () secnap net
http://www.secnap.net
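An added example for readers following this thread (not the poster's code and not part of barnyard): a small Python script that reads the barnyard.conf and the startup syslog lines quoted above, checks that the log_acid_db plugin was both configured and reported as initialized, compares the "Args:" line barnyard echoed against what the config file says, and lists the points a reviewer would raise about the database line. It assumes only the config syntax visible in the post (`output <plugin>: <first arg>, <key> <value>, ...`); the `password` keyword it looks for is assumed from barnyard's acid_db output documentation, not from anything on this page, and the script does not touch mysql itself, so a missing row in the database is still something to check with a query.

```python
"""Check a barnyard 0.1.0 config against its own startup log lines.

Added example for the thread above, not barnyard's code. It only parses the
config syntax and syslog lines visible in the post and does not connect to
mysql; an actual insert failure must still be confirmed with a DB query.
"""
import re

# Constructed input: the barnyard.conf from the post, with the wrapped
# log_acid_db line rejoined onto one line.
BARNYARD_CONF = """\
config daemon
config hostname: localhost
config interface: LAN
config filter: not localhost
processor dp_log
processor dp_stream_stat
output log_pcap: /var/log/snort/pcap
output log_acid_db: mysql, sensor_id 1, database snort, server localhost,user root, detail full
"""

# Constructed input: the startup syslog lines quoted in the post.
STARTUP_LOG = """\
May 27 13:28:56 scanner barnyard: Loading Built-in Output Plugins...
May 27 13:28:56 scanner barnyard: LogPcap initialized
May 27 13:28:56 scanner barnyard: AcidDb output plugin initialized
May 27 13:28:56 scanner barnyard: Args: mysql, sensor_id 1, database snort, server localhost, user root, detail full
May 27 13:28:56 scanner barnyard: Initializing daemon mode
"""


def parse_output_args(argstr):
    """Split 'mysql, sensor_id 1, database snort, ...' into (first, {key: value}).

    Commas may or may not be followed by a space ('localhost,user root' in
    the post), so every piece is stripped before it is split on whitespace.
    """
    parts = [p.strip() for p in argstr.split(",") if p.strip()]
    if not parts:
        return "", {}
    kv = {}
    for piece in parts[1:]:
        key, _, value = piece.partition(" ")
        kv[key] = value.strip()
    return parts[0], kv


def parse_conf(text):
    """Return {'config': {...}, 'processor': [...], 'output': {plugin: {...}}}."""
    conf = {"config": {}, "processor": [], "output": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, _, rest = line.partition(" ")
        if directive == "config":
            key, _, value = rest.partition(":")
            conf["config"][key.strip()] = value.strip()
        elif directive == "processor":
            conf["processor"].append(rest.strip())
        elif directive == "output":
            plugin, _, args = rest.partition(":")
            first, kv = parse_output_args(args)
            conf["output"][plugin.strip()] = {"first": first, "args": kv}
    return conf


def output_plugins_initialized(log):
    """Plugin names the startup log reports as initialized."""
    names = set()
    for line in log.splitlines():
        m = re.search(r"barnyard: (.+?) (?:output plugin )?initialized$", line)
        if m:
            names.add(m.group(1))
    return names


def logged_acid_args(log):
    """The 'Args:' line barnyard echoes after parsing the acid_db output, or None."""
    for line in log.splitlines():
        m = re.search(r"barnyard: Args: (.*)$", line)
        if m:
            return parse_output_args(m.group(1))
    return None


def acid_db_findings(conf):
    """Points a reviewer would raise about the log_acid_db line."""
    db = conf["output"].get("log_acid_db")
    if db is None:
        return ["no log_acid_db output plugin configured"]
    args = db["args"]
    findings = [f"missing {k} argument" for k in ("sensor_id", "database", "server", "user") if k not in args]
    if args.get("user") == "root":
        findings.append("database user is root; a dedicated least-privilege account is preferable")
    if "password" not in args:  # 'password' keyword is an assumption, not from the post
        findings.append("no password argument for the database account")
    return findings


def diagnose(conf_text, log_text):
    """Cross-check config file against startup log; returns a summary dict."""
    conf = parse_conf(conf_text)
    logged = logged_acid_args(log_text)
    configured = conf["output"].get("log_acid_db")
    return {
        "acid_db_initialized": "AcidDb" in output_plugins_initialized(log_text),
        "config_matches_log": logged is not None and configured is not None
                              and logged == (configured["first"], configured["args"]),
        "findings": acid_db_findings(conf),
    }


if __name__ == "__main__":
    for key, value in diagnose(BARNYARD_CONF, STARTUP_LOG).items():
        print(f"{key}: {value}")
```

For the config in the post this reports that AcidDb did initialize and that the echoed Args match the file, so the config was read correctly and the problem lies past the config stage; the two findings it lists (root account, no password) are the things to change once the insert problem itself is found.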

