3. Barnyard2 thinks snort spool logs are empty

Barnyard2 thinks snort spool logs are empty

  • P

    I have snort set up on an Amazon EC2 linux server with a single rule that logs all TCP packets coming in. I installed barnyard with mysql to record these logs to a database. Snort runs fine, when I log in plaintext with -K ascii I can see all of the TCP packets in the log files. I can also see all of the snort.log.timestamp files in /var/log/snort when I log in the unified2 format.

    My problem is that when I run barnyard2, it doesn't find any information in the these logs. I get feedback such as "Closed spool file '/var/log/snort/snort.log.timestamp'. Read 0 records". I checked the logs and they do have data in them. It seems that there is some sort of configuration I missed that is preventing barnyard from reading the spools.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy