Re: [Sguil-users] Snort is generating alerts but there are no events in Sguil DB
From: Paul H. <pau...@gm...> - 2011-08-31 13:25:17
Just old documentation. BY2 only supports unified2.

2011/8/31 Paul Marin <pma...@gm...>

> Hi guys,
>
> Anyone?
>
> -------- Original message --------
> Subject: Re: [Sguil-users] Snort is generating alerts but there are no events in Sguil DB
> Date: Mon, 29 Aug 2011 09:36:05 -0430
> From: Paul Marin <pma...@gm...>
> To: sgu...@li...
>
> Hi,
>
> I was able to see the alerts on sguil, finally. The problem was my snort's
> output configuration setting. I changed the line
>
> output log_unified: filename snort.log_unified, limit 128
>
> Into:
>
> output unified2: filename snort.log_unified, limit 128
>
> The documentation indicates that the output plugin must be configured to
> something like the first line. Is this a documentation mistake or am I
> missing something here?
>
> Kindly,
>
> Paul
>
> -------- Original message --------
> Subject: Re: [Sguil-users] Snort is generating alerts but there are no events in Sguil DB
> Date: Fri, 26 Aug 2011 10:35:45 -0600
> From: Lay, James <jam...@wi...>
> Reply to: sgu...@li...
> To: <sgu...@li...>
>
> From: Paul Marin [mailto:pma...@gm...]
> Sent: Friday, August 26, 2011 9:19 AM
> To: sgu...@li...
> Subject: [Spam] [Sguil-users] Snort is generating alerts but there are no events in Sguil DB
> Importance: Low
>
> Hi all,
>
> My snort's alert file is showing me real time alerts and the sguil
> client is not. In fact, the sguil DB is showing
>
> Aug 26 14:48:45 ids-ccs-01 barnyard2[1860]: Barnyard2 initialization completed successfully (pid=1860)
> Aug 26 14:48:45 ids-ccs-01 barnyard2[1860]: WARNING: Ignoring corrupt/truncated waldofile '/var/log/snort/barnyard2.waldo'
> Aug 26 14:48:45 ids-ccs-01 barnyard2[1860]: Opened spool file '/var/log/snort/snort.log_unified.1314370106'
> Aug 26 14:48:45 ids-ccs-01 barnyard2[1860]: Waiting for new data
>
> Paul,
>
> What's your barnyard2 startup line look like?
> James

--
Paul Halliday
http://www.squertproject.org/
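An added check, written for this page and not taken from the thread or from the Snort or barnyard2 projects, that scans a snort.conf for the mismatch Paul hit: barnyard2 reads only the unified2 format, so an active `log_unified` or `alert_unified` output line (the old unified v1 plugins) leaves the Sguil database empty while snort's own alert file keeps growing. It assumes the Snort output plugin names `log_unified`, `alert_unified`, `unified2`, `alert_unified2` and `log_unified2`, and the two sample configs it writes are constructed for the demonstration.

```shell
#!/bin/sh
# check_snort_outputs CONF: return 0 when CONF has at least one active unified2
# output and no active unified v1 output (log_unified / alert_unified), which
# barnyard2 cannot read; return 1 and explain on stderr otherwise.
check_snort_outputs() {
    conf="$1"
    # Keep only uncommented "output ..." lines, minus the keyword itself.
    active=$(sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}//p' "$conf")
    # "|| true" keeps a zero count from aborting the caller under set -e.
    v1=$(printf '%s\n' "$active" | grep -c -E '^(log_unified|alert_unified)[[:space:]]*:' || true)
    v2=$(printf '%s\n' "$active" | grep -c -E '^(alert_|log_)?unified2[[:space:]]*:' || true)
    if [ "$v1" -gt 0 ]; then
        echo "$conf: $v1 unified v1 output line(s); barnyard2 only reads unified2" >&2
        return 1
    fi
    if [ "$v2" -eq 0 ]; then
        echo "$conf: no unified2 output configured; barnyard2 has nothing to read" >&2
        return 1
    fi
    return 0
}

# Constructed sample configs (not from the thread): the broken and fixed
# forms of the output line discussed above, each with a commented-out decoy
# that must be ignored.
BAD_CONF=$(mktemp)
GOOD_CONF=$(mktemp)
trap 'rm -f "$BAD_CONF" "$GOOD_CONF"' EXIT

cat >"$BAD_CONF" <<'EOF'
output log_unified: filename snort.log_unified, limit 128
# output unified2: filename snort.log_unified, limit 128
EOF

cat >"$GOOD_CONF" <<'EOF'
# output log_unified: filename snort.log_unified, limit 128
output unified2: filename snort.log_unified, limit 128
EOF

check_snort_outputs "$BAD_CONF"  || echo "broken config rejected, as expected"
check_snort_outputs "$GOOD_CONF" && echo "fixed config accepted, as expected"
```

Run it against a live snort.conf with `check_snort_outputs /etc/snort/snort.conf` before restarting barnyard2; a non-zero exit is the first thing to rule out when snort alerts but Sguil shows nothing.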