I have successfully installed snort, barnyard2 and pulledpork on my machine. I have also configured these tools accordingly. But it seems like barnyard2 logs partial records in the mysql database. My snort output shows it has generated 1320 records, as can be seen in the following snapshot:
On the other hand, barnyard2 shows it has found 5586 records, which consist of 1320 events and 4266 packets, and it only records the packets in the event tables.
As per my understanding, the other 1320 records actually contain the alert information, which I could not manage to log into the database. Below is my barnyard2 configuration for the output.
output database: alert, mysql, user=snort password=MySqlSNORTpassword dbname=snort_alert host=localhost sensor_name=sensor01
and I have commented out the alert_fast option in the configuration file.
#output alert_fast: stdout
Is there anything that I am missing in this context? Please clarify.
Additional question: how can I get the original IP addresses in the mysql database rather than the obfuscated ones?
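As an added example (not part of the original post), the queries below inspect what barnyard2 has actually written to the database and render the stored addresses. They assume the stock Snort MySQL schema that barnyard2's create_mysql script creates (tables sensor, event, iphdr and signature) and the dbname snort_alert from the configuration above.

```sql
-- Added example, not from the original post: assumes the standard Snort
-- MySQL schema (sensor, event, iphdr, signature) and the database name
-- snort_alert used in the barnyard2 output line above.
USE snort_alert;

-- Per sensor, compare the number of alert rows (event) with the number of
-- packet-header rows (iphdr). A large gap between the two is the first
-- thing to check against the event/packet counters barnyard2 prints.
SELECT s.sid,
       s.hostname,
       COUNT(DISTINCT e.cid) AS events,
       COUNT(DISTINCT i.cid) AS ip_headers
FROM sensor s
LEFT JOIN event e ON e.sid = s.sid
LEFT JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
GROUP BY s.sid, s.hostname;

-- Source and destination addresses are stored in iphdr as unsigned 32-bit
-- integers, which is why they look "obfuscated" in a raw SELECT.
-- INET_NTOA() converts them back to dotted-quad notation.
SELECT e.sid,
       e.cid,
       e.timestamp,
       sg.sig_name,
       INET_NTOA(i.ip_src) AS src_ip,
       INET_NTOA(i.ip_dst) AS dst_ip
FROM event e
JOIN signature sg ON sg.sig_id = e.signature
JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
ORDER BY e.timestamp DESC
LIMIT 20;
```

Run the first query before and after a test alert to see whether barnyard2 inserts an event row, an iphdr row, or both for each unified2 record it reports.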