Re: [Sguil-users] Multiple Sguil Sensor --Barnyard problem
From: Paul S. <pa...@ut...> - 2006-01-31 21:54:31
If you're running multiple instances of barnyard on the same host, I would suggest naming each one differently. E.g. barnyard-one, barnyard-two, etc. This can be easily done with symlinks to the "real" barnyard binary. Then, each barnyard instance can have its own, uniquely named conffile - barnyard-one.conf, etc.

That's what I do, and I've had no problems running three instances of barnyard on one server.

--On Tuesday, January 31, 2006 14:29:30 -0500 Grant Deffenbaugh <gr...@an...> wrote:

> Thanks,
>
> Now knowing that the snort.log.<timestamp> file should never
> be zero in length, I checked my snort.conf and discovered
> that I had not uncommented:
>
> output log_unified: filename snort.log, limit 128
>
> This fixed my problem and barnyard started to show up in the
> sguil client.
>
> One problem solved!
>
>
> Adding in the second sensor the second barnyard doesn't show
> up as working. Boo.
>
> This I find as strange since events from both agents are
> showing up in the syslogs coming from sguild.
>
> I have moved the sguil_agent ports to all be above 7740 to
> avoid trouble and the second barnyard is still marked down.
>
> I'm starting to wonder if I should be playing with the sguild.conf
> defines: (However I am inclined to think this shouldn't matter.)
>
> set SENSOR_AGGREGATION_ON 0
> # set BIND_SENSOR_IP ADDR 127.0.0.1
> # set BIND_CLIENT_IP ADDR 127.0.0.1
>
>
> There appear to be a few more things I need to iron out.
> For example 'Error: expected integer but got "0x A"'
>
> I'll be back with more as I figure it out.
>
> -Grant

Paul Schmehl (pa...@ut...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
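
The symlink-per-instance layout from the reply, together with the two checks mentioned in the quoted message (an uncommented `output log_unified` line and no zero-length `snort.log.<timestamp>` files), as an added shell example that is not part of the original thread. The function names and the sandbox paths are assumptions, and the script never starts barnyard itself.

```shell
#!/bin/sh
# Added example: helper names and all paths are assumptions, not from the thread.

# link_instances REAL_BINARY BIN_DIR CONF_TEMPLATE CONF_DIR NAME...
# Creates BIN_DIR/barnyard-NAME -> REAL_BINARY and CONF_DIR/barnyard-NAME.conf.
link_instances() {
    real=$1; bindir=$2; tmpl=$3; confdir=$4
    shift 4
    for name in "$@"; do
        ln -sf "$real" "$bindir/barnyard-$name" || return 1
        # Never overwrite a conf file that has already been customised.
        [ -e "$confdir/barnyard-$name.conf" ] ||
            cp "$tmpl" "$confdir/barnyard-$name.conf" || return 1
    done
}

# unified_output_enabled SNORT_CONF
# Succeeds only if an uncommented "output log_unified:" line is present.
unified_output_enabled() {
    grep -Eq '^[[:space:]]*output[[:space:]]+log_unified:' "$1"
}

# empty_unified_logs LOG_DIR
# Prints every zero-length snort.log.<timestamp> file, which should never exist.
empty_unified_logs() {
    find "$1" -type f -name 'snort.log.*' -size 0 -print
}

# Demo on a constructed sandbox; nothing outside the temp directory is touched.
demo=$(mktemp -d)
mkdir "$demo/bin" "$demo/etc" "$demo/log"
: > "$demo/bin/barnyard"                      # stand-in for the real binary
echo '# per-instance settings go here' > "$demo/etc/barnyard.conf"
echo '# output log_unified: filename snort.log, limit 128' > "$demo/etc/snort.conf"
: > "$demo/log/snort.log.1138742971"          # constructed zero-length spool file

link_instances "$demo/bin/barnyard" "$demo/bin" \
    "$demo/etc/barnyard.conf" "$demo/etc" one two
ls "$demo/bin" "$demo/etc"
unified_output_enabled "$demo/etc/snort.conf" ||
    echo "snort.conf: output log_unified is still commented out"
empty_unified_logs "$demo/log"
rm -rf "$demo"
```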