Snort mailing list archives
Re: Problems with Snort, Barnyard2, BASE on SUSE 11
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 28 Apr 2010 15:35:21 -0400
Do you have any information in the database? Can you check that?

J

On Wed, Apr 28, 2010 at 3:04 PM, Michael Sloan <sloan () caps fsu edu> wrote:
I've tried to set up Snort on SUSE Linux Enterprise Server 11, and have run into troubles. I think it might have been working at one point, but now I think it's stopped but I'm not sure, and not entirely sure I even compiled and configured everything correctly.

I'm using Snort 2.8.5.3, BASE 1.4.5, Barnyard2 1.8, and MySQL 5.0.67.

Barnyard2: compiled with --enable-mysql
Snort: compiled with --enable-targetbased (I could not get --with-mysql to work, and didn't actually peruse the mailing lists until long after I got everything installed and possibly configured)

In snort.conf:
    output unified2: filename snort.log, limit 128

In barnyard2.conf:
    output database: alert, mysql, user=snort password=TopSecretPassword dbname=snort host=localhost

mysql reports that the user snort@localhost has:
    SELECT, INSERT, UPDATE, DELETE, CREATE on snort.*
    SELECT, INSERT, UPDATE on snort.sensor

Snort is started with:
    /usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -d -D -u snort

And barnyard2 is started with:
    /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -D -d /var/log/snort -f snort.log -u snort

After a couple of weeks, I see that snort.log is 133k, but no alerts whatsoever have been displayed in BASE. BASE is showing the proper database name, and user. I see in /var/log/messages (after restarting snort and barnyard2 today) that barnyard2 read 706 records from the 133k file. I do not see any errors in the mysqld logs.

I've looked at installation guides for SUSE 10, Fedora Core 11, and read enough from different sources that now I really have no idea what could be wrong, and after spending quite a few hours on this over the course of the last few weeks, I've run out of ideas on what to tweak and change.

Any suggestions (or requests for further information needed) would be greatly appreciated.
--
Michael Sloan
Systems Administrator
FSU Center for Advanced Power Systems
sloan () caps fsu edu

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
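The message above reports that barnyard2 read 706 records from snort.log. As an added example (not from the thread, nor from the Snort or Barnyard2 projects), the script below tallies unified2 record types so you can tell whether a spool file actually holds alert events before moving on to the database check. The 8-byte big-endian header and the type codes are those of the unified2 format; the function names and sample bytes are constructed for illustration.

```python
import struct
import sys
from collections import Counter

# Record type codes defined by Snort's unified2 format.
RECORD_TYPES = {
    2: "packet",
    7: "event (IPv4)",
    72: "event (IPv6)",
    104: "event v2 (IPv4)",
    105: "event v2 (IPv6)",
    110: "extra data",
}
HEADER = struct.Struct(">II")  # record type, payload length (big-endian)


def tally_records(data):
    """Return (Counter of record kinds, count of trailing bytes not parsed)."""
    counts = Counter()
    offset = 0
    while offset + HEADER.size <= len(data):
        rtype, length = HEADER.unpack_from(data, offset)
        end = offset + HEADER.size + length
        if end > len(data):  # record still being written, or a corrupt length
            break
        counts[RECORD_TYPES.get(rtype, "unknown (%d)" % rtype)] += 1
        offset = end
    return counts, len(data) - offset


def make_record(rtype, payload):
    """Build one unified2 record; used only for the constructed sample."""
    return HEADER.pack(rtype, len(payload)) + payload


# Constructed sample: two alerts logged with packet data, then a cut-off record.
SAMPLE = (make_record(7, bytes(52)) + make_record(2, bytes(60))) * 2
SAMPLE += HEADER.pack(7, 52) + bytes(10)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. a spool file under /var/log/snort
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    counts, leftover = tally_records(data)
    for kind, n in sorted(counts.items()):
        print("%-16s %d" % (kind, n))
    print("unparsed trailing bytes: %d" % leftover)
```

If the tally shows event records, the Snort side is producing alerts and the Barnyard2-to-MySQL step is the next place to look.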
Current thread:
- Problems with Snort, Barnyard2, BASE on SUSE 11 Michael Sloan (Apr 28)
- Re: Problems with Snort, Barnyard2, BASE on SUSE 11 Joel Esler (Apr 28)
- Re: Problems with Snort, Barnyard2, BASE on SUSE 11 Michael Sloan (Apr 29)
- Re: Problems with Snort, Barnyard2, BASE on SUSE 11 Nick Moore (Apr 28)
- Re: Problems with Snort, Barnyard2, BASE on SUSE 11 Joel Esler (Apr 28)