[Oisf-devel] Unified2 / MySQL

Will Metcalf william.metcalf at gmail.com
Mon Jan 4 21:40:08 UTC 2010


hmmm I will test this here as well..

Regards,

Will

On Mon, Jan 4, 2010 at 2:03 PM, Rich Rumble <richrumble at gmail.com> wrote:

> > I'm also in the middle of a "front end" coding marathon that is
> > initially aimed as a GTK version of Sguil (read loose clone, written in
> > Perl/GTK2) with plans for both a dedicated client and web based client
> > that support real time event monitoring coupled with sensor/server
> > management.
>
> > If you're interested in getting some dirty fingers then by all means
> > contact me offline.
> I'm a PHP man so I doubt I'll be of much help, in fact I've not been
> able to get the unified2 logs over to mysql yet using Barnyard2. I've
> configured --with-mysql, and run the following command line:
> barnyard2 -c /usr/local/etc/barnyard2.conf -v -d /var/log/suricata/ -f unified2 -w /var/log/suricata/book.mark
> And I receive the following:
> WARNING: Can't extract timestamp extension from
> 'unified2.alert.1262466596'using base 'unified2'
> WARNING: Can't extract timestamp extension from
> 'unified2.alert.1262470938'using base 'unified2'
> WARNING: Can't extract timestamp extension from
> 'unified2.alert.1262470943'using base 'unified2'
> WARNING: Can't extract timestamp extension from
> 'unified2.alert.1262629276'using base 'unified2'
> WARNING: Can't extract timestamp extension from
> 'unified2.alert.1262468877'using base 'unified2'
> WARNING: Can't extract timestamp extension from
> 'unified2.alert.1262466604'using base 'unified2'
> WARNING: Can't extract timestamp extension from
> 'unified2.alert.1262485828'using base 'unified2'
> WARNING: Can't extract timestamp extension from
> 'unified2.alert.1262467097'using base 'unified2'
> WARNING: Can't extract timestamp extension from
> 'unified2.alert.1262466952'using base 'unified2'
> etc...
> I don't have snort on this machine, but I've pointed the
> barnyard2.conf file to copies of the .map files and uncommented the
> mysql line at the bottom and tuned to the proper password and DB name.
>
> I started suricata in daemon mode: /usr/local/bin/suricata -c suricata.yaml -i eth0 -D
> I'd love to get this going and even throw in a basic how-to afterward.
> -rich
>
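Editorial note on the warnings quoted above (added illustration, not code from this thread, from barnyard2 or from Suricata): the files Suricata wrote are named unified2.alert.<epoch>, while "-f unified2" tells barnyard2 that the spool base name is "unified2", so barnyard2 finds ".alert.1262466596" where it expects a bare timestamp. The Python below models that matching rule as an assumption (base name, one dot, all-digit timestamp; it is not barnyard2's actual source) over a constructed listing of the directory, and shows that the same files match once the base is "unified2.alert", i.e. the -f value has to equal the Suricata file prefix. The file names are the ones from the warnings above; "book.mark" is the waldo file from the command line.

```python
import os

# Constructed sample of the spool directory behind the quoted warnings.
SAMPLE_FILES = [
    "unified2.alert.1262466596",
    "unified2.alert.1262470938",
    "unified2.alert.1262629276",
    "book.mark",  # barnyard2's own waldo/bookmark file, not a spool file
]


def extract_timestamp(filename, base):
    """Return the integer timestamp extension of filename, or None.

    Assumed matching rule (modelled here, not barnyard2's real code): the
    name must be exactly <base>.<digits>. With base "unified2" the remainder
    of "unified2.alert.1262466596" is "alert.1262466596", which is not a
    number, so the file is rejected.
    """
    prefix = base + "."
    if not filename.startswith(prefix):
        return None
    ext = filename[len(prefix):]
    if not ext.isdigit():
        return None
    return int(ext)


def find_spool_files(filenames, base):
    """Return (timestamp, filename) pairs matching base, oldest first."""
    matches = []
    for name in filenames:
        ts = extract_timestamp(name, base)
        if ts is not None:
            matches.append((ts, name))
    return sorted(matches)


def unmatched_files(filenames, base):
    """Names that start with base but carry no parsable timestamp.

    These are the files a "Can't extract timestamp extension" style warning
    would be raised for under the assumed rule.
    """
    return [n for n in filenames
            if n.startswith(base) and extract_timestamp(n, base) is None]


def list_directory(path):
    """Read a real spool directory; only used when run by hand."""
    return sorted(os.listdir(path))


if __name__ == "__main__":
    for base in ("unified2", "unified2.alert"):
        print("base %r:" % base)
        print("  usable spool files :", find_spool_files(SAMPLE_FILES, base))
        print("  rejected           :", unmatched_files(SAMPLE_FILES, base))
```

Run against the constructed listing, base "unified2" yields no usable spool files and rejects all three alert files, while base "unified2.alert" picks up all three in timestamp order; the equivalent on the command line is to pass the same prefix Suricata uses for its unified2 output files, here "-f unified2.alert", and to point -d at the directory those files live in.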

