[Bro] Attach Barnyard2 to Bro2

Jeremy Cox jeremy.cox at washk12.org
Mon Jan 27 11:36:13 PST 2014


I found it.  Barnyard was pointing at the server's public IP address.  As
soon as I told Barnyard to point at 127.0.0.1, Bro started logging the
Barnyard alerts.  Thanks for all your help!!

Jeremy

*Jeremy Cox*
Senior Network Engineer, ISO

*Washington County School District*121 W Tabernacle - St. George - UT
435-634-4315
www.washk12.org
687474703a2f2f7777772e7375706572746563686775792e636f6d

IMPORTANT NOTICE REGARDING THIS ELECTRONIC COMMUNICATION:

This e-mail, including any attachments thereto, contains information that
may be confidential or privileged, and is intended solely for the
individual or entity to whom it is addressed.  Recipient is hereby notified
that any disclosure, copying or distribution of this message is strictly
prohibited.  IF YOU ARE NOT THE INTENDED RECIPIENT, please notify the
originator of this e-mail immediately and destroy all information
received.  Thank you.



On Mon, Jan 27, 2014 at 12:25 PM, Siwek, Jonathan Luke
<jsiwek at illinois.edu>wrote:

>
> On Jan 27, 2014, at 12:57 PM, Jeremy Cox <jeremy.cox at washk12.org> wrote:
>
> > I did.  I have also put it back into standalone mode to see if that did
> it.... No luck.
>
> I’m not sure then.  You can check Bro’s communication log to see if it
> looks like a connection is actually established; Barnyard2’s log should
> also indicate whether it connected.  The other thing I can think of would
> be if there’s no alerts actually being generated.  How are you running
> Barnyard2 ?  Is it pointed at the right place w/ unified2 alert files that
> are being populated?
>
> - Jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140127/7f11236e/attachment.html 


More information about the Bro mailing list