3. Barnyard2 thinks snort spool logs are empty

Barnyard2 thinks snort spool logs are empty

  • P

    I have snort set up on an Amazon EC2 linux server with a single rule that logs all TCP packets coming in. I installed barnyard with mysql to record these logs to a database. Snort runs fine, when I log in plaintext with -K ascii I can see all of the TCP packets in the log files. I can also see all of the snort.log.timestamp files in /var/log/snort when I log in the unified2 format.

    My problem is that when I run barnyard2, it doesn't find any information in the these logs. I get feedback such as "Closed spool file '/var/log/snort/snort.log.timestamp'. Read 0 records". I checked the logs and they do have data in them. It seems that there is some sort of configuration I missed that is preventing barnyard from reading the spools.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy