List:       snort-users
Subject:    Re: [Snort-users] barnyard with syslog and mysql logging
From:       "Bamm Visscher" <bamm.visscher () gmail ! com>
Date:       2007-08-21 17:35:15
Message-ID: 27492850708211035je936a1dk9dfc0437d488b439 () mail ! gmail ! com

Yep.


On 8/21/07, fname lname <larskman@gmail.com> wrote:
> wow, so if I had 2 sensors and if I want mysql and syslog I would need
> 4 instances running?
>
> ouch...
>
> On 8/20/07, Bamm Visscher <bamm.visscher@gmail.com> wrote:
> > You need to use unified alert to be able to use the syslog output
> > plugins. You will also need to run two instances of barnyard if you
> > want to use logging to mysql and syslog. One to monitor unified log
> > files, the other to monitor unified alert files.
> >
> >
> > Bamm
> >
> >
> > On 8/20/07, fname lname <larskman@gmail.com> wrote:
> > > for some reason I can get barnyard to send logging to syslog/syslog2
> > > but it is logging to mysql fine.
> > >
> > > under my snort.conf I just enabled "output log_unified: filename
> > > snort.log, limit 128" but not "output alert_unified: filename
> > > snort.alert, limit 128".  Do I need to uncomment "output
> > > alert_unified: filename snort.alert, limit 128" too?
> > >
> > > I start snort like this, "snort -c snort.conf -o -D -A none"
> > >
> > > -------------------------------------------------------------------------
> > > This SF.net email is sponsored by: Splunk Inc.
> > > Still grepping through log files to find problems?  Stop.
> > > Now Search log events and configuration files using AJAX and a browser.
> > > Download your FREE copy of Splunk now >>  http://get.splunk.com/
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users@lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> >
> >
> >
> > --
> > sguil - The Analyst Console for NSM
> > http://sguil.sf.net
> >
>


-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net
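
Added example, not part of the original thread and not barnyard's own code: a small Python check of the setup described in the reply above. It assumes, as the thread states, that the syslog plugins need the alert_unified file and that MySQL logging follows the log_unified file; the function names and the sample snort.conf text are constructed for illustration.

```python
import re

# Mapping taken from the thread: one barnyard instance follows one kind of
# unified file. syslog needs the alert file; MySQL logging follows the log file.
NEEDS = {"syslog": "alert_unified", "mysql": "log_unified"}

OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:\s*(.*)$")


def enabled_unified_outputs(snort_conf_text):
    """Return {plugin: filename} for uncommented unified output directives."""
    found = {}
    for line in snort_conf_text.splitlines():
        line = line.split("#", 1)[0]  # ignore comments and commented-out directives
        m = OUTPUT_RE.match(line)
        if not m or m.group(1) not in ("log_unified", "alert_unified"):
            continue
        # Options look like "filename snort.log, limit 128"
        opts = dict(re.findall(r"(\w+)\s+([^,\s]+)", m.group(2)))
        found[m.group(1)] = opts.get("filename", "")
    return found


def plan(snort_conf_text, wanted, sensors=1):
    """Report which snort outputs are missing and how many barnyard instances are needed."""
    enabled = enabled_unified_outputs(snort_conf_text)
    required = sorted({NEEDS[w] for w in wanted})
    missing = [p for p in required if p not in enabled]
    return {"missing": missing, "instances": len(required) * sensors}


# Constructed sample: the configuration from the question, with
# alert_unified still commented out.
SAMPLE = """\
output log_unified: filename snort.log, limit 128
# output alert_unified: filename snort.alert, limit 128
"""

if __name__ == "__main__":
    print(plan(SAMPLE, ["mysql", "syslog"], sensors=2))
```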
