Netgate Discussion Forum

Barnyard2 to Splunk

IDS/IPS
    jemunos
    last edited by Feb 25, 2017, 9:37 PM

    So I was trying to send data to Splunk from barnyard2. However, I found using tcpdump that no data was being sent. Looking into the /etc/syslog.conf file, I found that the port was not being put at the end of the syslog destination address. Instead, it was being put on a line of its own. This appears to be a UI bug.

    If I put the destination server IP and port on the same line under the barnyard2 tab, this issue is resolved.

    Has anyone else experienced this issue?

      trevorr2004
      last edited by May 31, 2017, 1:43 AM

      Were you able to get this working ever?

      I only get a sample log like this on my syslog server from using barnyard2:

      May 31 01:42:38 pfsense.rando.local nginx: 10.0.0.3 - - [31/May/2017:01:42:38 +0000] "GET /css/pfSense.css HTTP/1.1" 200 7239 "https://10.0.0.1/snort/snort_barnyard.php?id=0" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"

      I don't actually get the Snort alerts… If I turn it to log to the pfSense system log, it works fine, but I want it to be a separate log.
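
A check for the layout described in the first post, as an added example that is not part of the thread or of the pfSense package: it scans syslog.conf text for a remote destination with no port that is followed by a line holding only a port number. The `@host:port` destination form, the sample addresses and selectors, and the function names are assumptions; the thread does not show the file's contents.

```python
import re
import sys

# Constructed sample of the broken layout: the port sits on a line of its
# own instead of after the destination. Values are made up for illustration.
BROKEN = "!snort\n*.*\t@192.0.2.10\n5514\n"
# Constructed sample of the working layout (address and port on one line).
FIXED = "!snort\n*.*\t@192.0.2.10:5514\n"

REMOTE = re.compile(r"^\S+\s+@(\S+)$")   # "<selector> @<destination>"
BARE_PORT = re.compile(r"^\d{1,5}$")     # a line that is nothing but a port

def has_port(dest):
    """True if the destination already ends in :port."""
    if dest.startswith("["):             # bracketed IPv6, e.g. [2001:db8::1]:514
        return "]:" in dest
    return dest.count(":") == 1          # hostname or IPv4 with :port

def find_orphaned_ports(text):
    """Return (destination_line, destination, port) for each stranded port."""
    findings = []
    pending = None   # last remote destination seen without a port
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                     # blanks and comments do not break the pair
        m = REMOTE.match(line)
        if m:
            pending = None if has_port(m.group(1)) else (no, m.group(1))
        elif BARE_PORT.match(line) and pending:
            findings.append((pending[0], pending[1], int(line)))
            pending = None
        else:
            pending = None               # any other directive ends the pairing
    return findings

if __name__ == "__main__":
    # Pass a path such as /etc/syslog.conf, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BROKEN
    for line_no, dest, port in find_orphaned_ports(text):
        print(f"line {line_no}: @{dest} has no port; {port} is on a line of its own")
```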

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.