Netgate Discussion Forum

    Https://papertrailapp.com/ or a free cloud syslog for WAN Barnyard2

      hamdy.aea

      I would like to know if it's possible to use a free syslog server like https://papertrailapp.com/ for WAN Barnyard2? If it's possible, how to configure it?

        bmeeks

        You can configure Barnyard2 to output data to a remote syslog server.  On the BARNYARD tab for the Snort interface, click the option to send logs to a syslog server.  Additional input elements will then appear where you can specify the IP address or host name for the remote server as well as the port and the facility and severity levels.

        Bill

          hamdy.aea

          WAN Barnyard2 doesn't start and I have this log:

          Barnyard2 spooler: Event cache size set to [8192]
          Jan 04 19:06:14 178.83. barnyard2: Log directory = /var/log/snort/snort_re041684
          Jan 04 19:06:14 178.83. barnyard2: using operation_mode: default
          Jan 04 19:06:18 178.83. barnyard2: FATAL ERROR: could not resolve address[logs3.papertrailapp.com:21749]
          Jan 04 19:06:18 178.83. barnyard2: Barnyard2 exiting
          Jan 04 19:06:18 178.83. barnyard2: ===============================================================================

          Jan 04 19:06:18 178.83. php-fpm: /snort/snort_interfaces.php: The command '/usr/pbi/snort-amd64/bin/barnyard2 -r 41684 -f "snort_41684_re0.u2" --pid-path /var/run --nolock-pidfile -c /usr/pbi/snort-amd64/etc/snort/snort_41684_re0/barnyard2.conf -d /var/log/snort/snort_re041684 -D -q' returned exit code '1', the output was ''

            bmeeks

            @hamdy.aea:

            WAN Barnyard2 doesn't start and I have this log:

            Barnyard2 spooler: Event cache size set to [8192]
            Jan 04 19:06:14 178.83. barnyard2: Log directory = /var/log/snort/snort_re041684
            Jan 04 19:06:14 178.83. barnyard2: using operation_mode: default
            Jan 04 19:06:18 178.83. barnyard2: FATAL ERROR: could not resolve address[logs3.papertrailapp.com:21749]
            Jan 04 19:06:18 178.83. barnyard2: Barnyard2 exiting
            Jan 04 19:06:18 178.83. barnyard2: ===============================================================================

            Jan 04 19:06:18 178.83. php-fpm: /snort/snort_interfaces.php: The command '/usr/pbi/snort-amd64/bin/barnyard2 -r 41684 -f "snort_41684_re0.u2" --pid-path /var/run --nolock-pidfile -c /usr/pbi/snort-amd64/etc/snort/snort_41684_re0/barnyard2.conf -d /var/log/snort/snort_re041684 -D -q' returned exit code '1', the output was ''

            Don't add the port at the end of the URL.  Barnyard does not know how to decode that.  I don't have access to my firewall at the moment to verify, but I was thinking there is a separate box for port selection in the syslog settings on the BARNYARD page.  I may be wrong, though.  If there is no specific port setting box on the GUI page, then only the standard syslog port will work.

            Bill
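
The resolve failure in the log and the host/port separation described in this reply, as an added example (not part of the original posts and not Barnyard2 code): it shows that a resolver treats a `host:port` string as one name, and sends a test syslog line to a separately specified host and port. The function names, the test tag and the loopback target are assumptions made for illustration.

```python
import socket

def split_target(target, default_port=514):
    """Split 'host' or 'host:port' into (host, port). 514 is the standard syslog port."""
    if target.count(":") == 1:  # exactly one colon: not a bare IPv6 literal
        host, port = target.split(":")
        if port.isdigit():
            return host, int(port)
    return target, default_port

def resolves(name):
    """True if the system resolver accepts the string exactly as given."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False

def syslog_line(facility, severity, tag, text):
    """Minimal BSD-syslog style payload: <PRI>tag: text, with PRI = facility * 8 + severity."""
    return f"<{facility * 8 + severity}>{tag}: {text}".encode()

def send_test(host, port, payload):
    """Send one UDP datagram and return the byte count. UDP gives no delivery
    confirmation, so look for the line in the collector's own event view."""
    family, socktype, proto, _, addr = socket.getaddrinfo(
        host, port, type=socket.SOCK_DGRAM)[0]
    with socket.socket(family, socktype, proto) as s:
        return s.sendto(payload, addr)

if __name__ == "__main__":
    # Constructed target; substitute the collector host and port assigned to you.
    target = "127.0.0.1:5514"
    host, port = split_target(target)
    print("combined string resolves:", resolves(target))
    print("host alone resolves:", resolves(host))
    line = syslog_line(16, 6, "barnyard2-test", "syslog path check")  # local0.info
    print("sent", send_test(host, port, line), "bytes to", host, port)
```

If the host alone resolves and the test line arrives at the collector, name resolution and the firewall path are working and the remaining problem is in the Barnyard2 output settings.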

              hamdy.aea

              I tried to put only the address and I have changed the port from 514 to the papertrailapp port and I have opened this port in the firewall and it doesn't work. I want to try again.
