Snort mailing list archives

Barnyard woes


From: Joerg Weber <j.weber () infos de>
Date: 18 Feb 2003 16:15:02 +0100

Hello everyone,

I've had barnyard running on my test-system, but didn't like the way I
had things up so I decided to do a clean, neat config.
Big mistake :)

Here's my problem:
1) I'd like to use SnortCenter to maintain my sensors. SnortCenter adds
the unified_plugin like this:
output log_unified: filename snort-unified, limit 500
but no alert_unified:
Should I add this by hand via a preprocessor?

2) Snort's running fine and happily logging into
/var/log/snort/snort-unified.
Now I'm setting up my barnyard.conf like
config hostname: Inhouse
config interface: eth1
processor dp_alert
processor dp_log
processor dp_stream_stat
output log_acid_db: mysql, sensor_id 7, database snort, server [ip], user [user], password [root]

Now I'm starting barnyard like
barnyard -c /root/barnyard-0.1.0-beta5/etc/barnyard.conf -f /var/log/snort/snort-unified -w /var/log/snort/waldo
And the result looks like
Skipping tagged packet 1389
Skipping tagged packet 1392
Skipping tagged packet 1394
Skipping tagged packet 1396
Skipping tagged packet 1398
[and on and on and on...]
What's up with that?

3) Same happens when I try to run barnyard with the -f /var/log/snort/scan.log

4) The reason I'm running into this is my dislike of running two
instances of barnyard, one for log, one for alert. Isn't there a more
clever way to do things?

Thanks a lot everyone for your help,

J. Weber



-- 
----------------------------------
Joerg Weber
Network Security
InfoServe GmbH
Nell-Breuning-Allee 6
66115 Saarbruecken
T: 0681 - 88008 - 0
F: 0681 - 88008 - 33


