Snort mailing list archives

Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "No Data..."

From: Jun Wan <junwei_wan () hotmail com>
Date: Wed, 25 Aug 2010 23:01:39 +0000


Hi,
 
Is anyone able to confirm the following (from the setup guide) , I think there might be errors with two red lines , 
which might be the root cause of "No Data" issue:
 
sudo tar zxvf barnyard2-1.8.tar.gz
cd barnyard2-1.8
sudo ./configure --with-mysql
sudo make
sudo make install
sudo cp etc/barnyard2.conf /usr/local/snort/etc
sudo mkdir /var/log/barnyard2
sudo chmod 666 /var/log/barnyard2
sudo touch /var/log/snort/barnyard2.waldo
sudo chown snort.snort /var/log/snort/barnyard2.waldo
 
 
These two red lines should be the following:
 
sudo cp /etc/barnyard2.conf /usr/local/snort/etc                                 the guide misses / in front of etc
 
sudo chown snort:snort /var/log/snort/barnyard2.waldo                        the guide misses : between two "snort" 
 
Would anyone please confirm if these are errors in the guide?  
 
Thanks again.
 
Regards
 
John
 

From: greglane () laneconstinc com
To: snort-users () lists sourceforge net
Date: Wed, 25 Aug 2010 08:09:55 -0500
Subject: [Snort-users] FW: Snort 2.8.6 & Snort Report 1.3.1 with "No Data..."






 
 

Greg Lane
IT Manager
Lane Enterprises
 
Email:  greglane () laneconstinc com
Phone: (228)872-2414
 


From: Greg Lane [mailto:greglane () laneconstinc com] 
Sent: Wednesday, August 25, 2010 8:09 AM
To: 'Jun Wan'
Subject: RE: [Snort-users] Snort 2.8.6 & Snort Report 1.3.1 with "No Data..."
 
I have had the same problem and even did a complete reinstall.  I have also installed BASE using a setup on the Ubuntu 
Forum.  I have everything running.  I know I’m getting traffic on my mirrored outside interface because I have run both 
TCPDUMP and Wireshark and have looked at the traffic and have run multiple scans against my outside IP address with 
nmap and still haven’t gotten a single alert of any kind.  If I’m not mistaken BASE should show any type of traffic 
that is coming in not just error but I could be wrong. 
 

Greg Lane
IT Manager
Lane Enterprises
 
Email:  greglane () laneconstinc com
Phone: (228)872-2414
 


From: Jun Wan [mailto:junwei_wan () hotmail com] 
Sent: Tuesday, August 24, 2010 9:54 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort 2.8.6 & Snort Report 1.3.1 with "No Data..."
 

  Hi,
 
I have followed the instructions from : http://www.symmetrixtech.com/articles/004-snortinstallguide286.pdf, 
installation went very smoothly this time.
 
My Snort 2.8.6 with updated rules is running beautifully, but the Snort Report 1.3.1 produces no data.
 
Any information and help would be much appreciated.
 
Thanks.
 
Regards
 
John
 
 
 

------------------------------------------------------------------------------ Sell apps to millions through the 
Intel(R) Atom(Tm) Developer Program Be part of this innovative community and reach millions of netbook users worldwide. 
Take advantage of special opportunities to increase revenue and speed time-to-market. Join now, and jumpstart your 
future. http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to 
this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users 
list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Sell apps to millions through the 
Intel(R) Atom(Tm) Developer Program Be part of this innovative community and reach millions of netbook users worldwide. 
Take advantage of special opportunities to increase revenue and speed time-to-market. Join now, and jumpstart your 
future. http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to 
this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users 
list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users 
worldwide. Take advantage of special opportunities to increase revenue and 
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort 2.8.6 & Snort Report 1.3.1 with "No Data..." Jun Wan (Aug 24)
- Snort 2.8.6 & Snort Report 1.3.1 with "No Data..." Jun Wan (Aug 24)
- <Possible follow-ups>
- FW: Snort 2.8.6 & Snort Report 1.3.1 with "No Data..." Greg Lane (Aug 25)
  - Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "No Data..." Jun Wan (Aug 25)
    - Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..." Billy Marshall (Aug 26)
    - Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..." David Gullett (Aug 26)
    - Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..." Jun Wan (Aug 26)
    - Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..." Greg Lane (Aug 27)
    - Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..." Jun Wan (Aug 27)