Snort mailing list archives

Re: output plugins barnyard2

From: firnsy <firnsy () securixlive com>
Date: Wed, 16 Dec 2009 19:46:52 +1030

On Wed, 2009-12-16 at 12:57 +0530, Pradeep Lamabam wrote:
> Thank you all for your assistance so far.

G'day Pradeep,

> I am using snort with barnyard2. What I want to do is:
> 1 log events to a mysql database (works fine !!)
> 2 log alerts to a file in /var/log/snort/<alert filename> (works
> fine !!), I am using this file with snort_stat.pl, and lastly
> 3 log the whole packet to a file in /var/log/snort/<filename>, so that
> I can use it with wireshark. (NOT WORKING !! )
>
> 1 and 2 have been configured in the barnyard2.conf file as:
> a) output alert_fast: /var/log/snort/<alert filename> and
> b) output database: alert, mysql, user=snort password=password
> dbname=snort host=localhost
> c) using output log_tcpdump in barnyard2.conf for step 3 doesn't
> help, since it logs only raw data and not protocol information!!
>
> I would greatly appreciate it if someone could help me get through step
> 3 !!


I am happy to help you with this problem, please provide me with your
current version of barnyard2 (barnyard2 -V) offline and we'll take it
from there.

For the rest of the audience, I'll post the solution back here when
solved.

Regards,

-- 
firnsy
www.securixlive.com


