Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Barnyard2 to Splunk

    Scheduled Pinned Locked Moved IDS/IPS
    2 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      jemunos
      last edited by

      So I was trying to send data to splunk from barnyard2. However I found using TCP dump that no data was being sent. Looking into the /etc/syslog.conf file I found that the port was not being put at the end of the syslog destination address. Instead it was being put on a line of its own. This appears to be a UI bug.

      If I put the destination server ip and port on the same line under the barnyard2 tab, this issue is resolved.

      Has anyone else experienced this issue?

      1 Reply Last reply Reply Quote 0
      • T Offline
        trevorr2004
        last edited by

        Were you able to get this working ever?

        I only get a sample log like such to my syslog server from using the barnyard2

        May 31 01:42:38 pfsense.rando.local nginx: 10.0.0.3 - - [31/May/2017:01:42:38 +0000] "GET /css/pfSense.css HTTP/1.1" 200 7239 "https://10.0.0.1/snort/snort_barnyard.php?id=0" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"

        I don't actually get the snort alerts…if I turn it to log to the pfsense system log, it works fine but I want it to be a separate log.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.