--On Tuesday, April 24, 2007 19:56:20 +0200 Ricardo <thrawnkb@xxxxxxxxx> wrote:

hi, I am setting up a sguil installation using barnyard, and when barnyard tries to send the data to the sguil server, I get several errors:

Barnyard Version 0.2.0 (Build 32)
WARNING /etc/snort/barnyard.conf (139) => Unrecognized argument for Sguil plugin: mysql
WARNING /etc/snort/barnyard.conf (139) => Unrecognized argument for Sguil plugin: sensor_id 0
WARNING /etc/snort/barnyard.conf (139) => Unrecognized argument for Sguil plugin: database sguil
WARNING /etc/snort/barnyard.conf (139) => Unrecognized argument for Sguil plugin: server localhost
WARNING /etc/snort/barnyard.conf (139) => Unrecognized argument for Sguil plugin: user sguil
WARNING /etc/snort/barnyard.conf (139) => Unrecognized argument for Sguil plugin: password sguil_pass
WARNING /etc/snort/barnyard.conf (139) => Unrecognized argument for Sguil plugin: sguild_host localhost
WARNING /etc/snort/barnyard.conf (139) => Unrecognized argument for Sguil plugin: sguild_port 7736

I am running Kubuntu 7.04, sguil 0.6.1, mysql 5.0.22, and I installed and patched the barnyard in the following way (without errors):

sudo wget http://www.snort.org/dl/barnyard/barnyard-0.2.0.tar.gz
sudo tar -xzf barnyard-0.2.0.tar.gz
cd /usr/local/src/sguil-0.6.1/sensor/barnyard_mods;
sudo cp configure.in /usr/local/src/barnyard-0.2.0/;
sudo cp op_sguil.c op_sguil.h op_plugbase.c.patch /usr/local/src/barnyard-0.2.0/src/output-plugins
cd /usr/local/src/barnyard-0.2.0/src/output-plugins;
sudo patch op_plugbase.c < op_plugbase.c.patch;
cd ../../;
sudo ./autojunk.sh;
sudo ./configure --enable-mysql --enable-tcl --with-tcl=/usr/lib/tcl8.3;
sudo make && sudo make install;

The sguil plugin configuration is:

output sguil: mysql, sensor_id 0, database sguil, server localhost, user sguil, password sguil_pass, sguild_host localhost, sguild_port 7736

This should be:

output sguil

That's it. Dump the rest.

--
Paul Schmehl (pauls@xxxxxxxxxxxx)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Barnyard-users mailing list
Barnyard-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/barnyard-users