[Oisf-users] Suri-GUI

Anas.B a.bouhsaina at gmail.com
Thu Jul 8 13:57:46 UTC 2010


Hi Will,

I've downloaded barnyard-0.2.0, but I didn't find "barnyard2.conf".

In Suricata.yaml,
we already have:

  - unified-log:
      enabled: yes
      filename: unified.log

      # Limit in MB.
      #limit: 32

  - unified-alert:
      enabled: yes
      filename: unified.alert

      # Limit in MB.
      #limit: 32

  - unified2-alert:
      enabled: yes
      filename: unified2.alert

But how could we link the Suricata log folder and barnyard?
Help me please.

Regards.

Anas


2010/7/8 Will Metcalf <william.metcalf at gmail.com>

> unified1 logs are disabled by default; have you enabled them in your
> suricata.yaml file?  Also you need to change the -f snort.log to be -f
> unified.log. As an FYI, you should look at unified2/barnyard2 if you
> are doing a fresh install.
>
>  - unified-log:
>      enabled: yes
>      filename: unified.log
>
>  - unified-alert:
>      enabled: yes
>      filename: unified.alert
>
> Regards,
>
> Will
> On Thu, Jul 8, 2010 at 6:36 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
> > Hello everyone,
> >
> > I've installed mysql, created the database with snort schemas (tables),
> > also Barnyard,
> >
> >
> > in barnyard.conf :
> > I've replaced these lines :
> >
> > config hostname: debian
> > config interface: eth0
> > output log_acid_db: mysql, database snort, server localhost, user root,
> > password mysnortpassword, detail full
> >
> > But to launch Barnyard
> > I changed the command (snort) from this :
> >
> > # /usr/local/bin/barnyard \
> > -c /etc/snort/barnyard.conf \
> > -g /etc/snort/gen-msg.map \
> > -s /etc/snort/sid-msg.map \
> > -d /var/log/snort \
> > -f snort.log \
> > -w /etc/snort/barnyard.waldo &
> >
> > to this
> >
> > # /usr/local/bin/barnyard  -c /etc/suricata/barnyard.conf -d
> > /var/log/suricata &
> >
> > But it doesn't work :s
> >
> > Can you help me?
> >
> > Regards.
> > Anas
> >
>
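
The point made in the reply above (the output must be enabled, and barnyard's -f must match its filename) can be checked mechanically. This is an added example, not part of the original thread or of either project: the sample YAML and its `default-log-dir` value are constructed, and the parser is a minimal line-based reader for this one section, not a full YAML parser.

```python
import re
import shlex

# Constructed sample: outputs as in the thread, with one unified output disabled.
SAMPLE_YAML = """\
default-log-dir: /var/log/suricata/
outputs:
  - fast:
      enabled: yes
      filename: fast.log
  - unified-log:
      enabled: yes
      filename: unified.log
  - unified-alert:
      enabled: no
      filename: unified.alert
"""

def parse_suricata(yaml_text):
    """Return (log_dir, {output: filename}) for enabled unified* outputs."""
    log_dir, name, outs = None, None, {}
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if m := re.match(r"default-log-dir:\s*(\S+)", line):
            log_dir = m.group(1).rstrip("/")
        elif m := re.match(r"\s*-\s*([\w-]+):$", line):
            name = m.group(1) if m.group(1).startswith("unified") else None
            if name:
                outs[name] = {}
        elif name and (m := re.match(r"\s+(enabled|filename):\s*(\S+)$", line)):
            outs[name][m.group(1)] = m.group(2)
    enabled = {n: o["filename"] for n, o in outs.items()
               if o.get("enabled") == "yes" and "filename" in o}
    return log_dir, enabled

def check_spool(yaml_text, barnyard_cmd):
    """List mismatches between barnyard's -d/-f and Suricata's outputs."""
    args = shlex.split(barnyard_cmd)
    opts = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a in ("-d", "-f")}
    log_dir, enabled = parse_suricata(yaml_text)
    problems = []
    if opts.get("-d", "").rstrip("/") != log_dir:
        problems.append(f"-d {opts.get('-d')} is not default-log-dir {log_dir}")
    if "-f" not in opts:
        problems.append(f"missing -f; enabled unified outputs: {sorted(enabled.values())}")
    elif opts["-f"] not in enabled.values():
        problems.append(f"-f {opts['-f']} matches no enabled unified output")
    return problems
```

Run against the second command in the quoted message, `check_spool` reports the missing -f; with `-f unified.log` added it returns an empty list.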