[Oisf-users] Suri-GUI
Anas.B
a.bouhsaina at gmail.com
Thu Jul 8 13:57:46 UTC 2010
Hi Will,
I've dowlnloaded barnyard-0.2.0, but i didn't find "barnyard2.conf"
in Suricata.yaml,
we have already :
- unified-log:
enabled: yes
filename: unified.log
# Limit in MB.
#limit: 32
- unified-alert:
enabled: yes
filename: unified.alert
# Limit in MB.
#limit: 32
- unified2-alert:
enabled: yes
filename: unified2.alert
but how could we link between Suricata log folder and barnyard. ?
help me please.
Regards.
Anas
2010/7/8 Will Metcalf <william.metcalf at gmail.com>
> unified1 logs are disabled by default have you enabled them in your
> suricata.yaml file? Also you need to change the -f snort.log to be -f
> unified.log. As as an fyi you should look at unified2/barnyard2 if you
> are doing a fresh install.
>
> - unified-log:
> enabled: yes
> filename: unified.log
>
> - unified-alert:
> enabled: yes
> filename: unified.alert
>
> Regards,
>
> Will
> On Thu, Jul 8, 2010 at 6:36 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
> > Hello everyone,
> >
> > I've installed mysql, created the database, with snort shemas (tables),,
> > also Barnyard,
> >
> >
> > in barnyard.conf :
> > I've replaced these lines :
> >
> > config hostname: debian
> > config interface: eth0
> > output log_acid_db: mysql, database snort, server localhost, user root,
> > password mysnortpassword, detail full
> >
> > But to launch Barnyard
> > I changed the command (snort) from this :
> >
> > # /usr/local/bin/barnyard \
> > -c /etc/snort/barnyard.conf \
> > -g /etc/snort/gen-msg.map \
> > -s /etc/snort/sid-msg.map \
> > -d /var/log/snort \
> > -f snort.log \
> > -w /etc/snort/barnyard.waldo &
> >
> > to this
> >
> > # /usr/local/bin/barnyard -c /etc/suricata/barnyard.conf -d
> > /var/log/suricata &
> >
> > But it dosen't work :s
> >
> > Can u help me,
> >
> > Regards.
> > Anas
> >
> > _______________________________________________
> > Oisf-users mailing list
> > Oisf-users at openinfosecfoundation.org
> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20100708/83c0706a/attachment-0002.html>
More information about the Oisf-users
mailing list