Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede

[Jun Wan <junwei_wan () hotmail com>]

Hi Shawn,
 
I followed two setup guides to install Snort by using "sudo apt-get install snort-mysql" : 
1.) https://wwwx.cs.unc.edu/~hays/archives/2010/03/entry_23.php      The Snort version was 2.8.4.1 on Ubundu 9.1, 
Snort&BASE worked fine, this was my first Snort experience.
2.) http://it.thelibrarie.com/weblog/2010/06/installing-snort-on-ubuntu-10-04/   The Snort version was 2.8.x.x (?) on 
Ububdu 10.Barnyard2 failed to initialize, please see the following:
–== Initializing Barnyard2 ==–
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file “/etc/snort/barnyard2.conf”
ERROR: /etc/snort/barnyard2.conf(310) Undefined variable name: 12.
Fatal Error, Quitting..
 
barnyard2 still failed despite the fact I took the suggestions from others.  Then I moved on and tried the Snort Report 
1.3.1 on Snort 2.8.6.0 and 2.9.0.0, they are working okey except the slowness of loading data into a browser. These two 
Snort IDS boxes are running in my company's live network at moment after some fine tuning via snort.conf, 
emerging.conf, threshold.conf and individual rule.
 
My qustions would be:
 
1.) Do I have to install Snort via "sudo apt-get install snort-mysql" in order to make BASE work?    
2.) Do I get the newest verstion (e.g. 2.9.0.3, etc) of Snort via  "sudo apt-get install snort-mysql" ?
 
Any information and help would be much appreciated.
 
Thanks
 
Regards
 
John
 
 


From: Shawn.Jefferson () bcferries com
To: junwei_wan () hotmail com; randy () procyonlabs com
CC: snort-users () lists sourceforge net
Date: Mon, 20 Dec 2010 12:35:35 -0700
Subject: RE: [Snort-users] Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede






Hmm, I just did that very thing.  What problems are you having?
 




From: Jun Wan [mailto:junwei_wan () hotmail com] 
Sent: Monday, December 20, 2010 2:36 AM
To: randy () procyonlabs com
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede
 
Hi Randy,
 
It's a good news, I would love to try BASE again.
 
I am using Ubundu10.04 at moment, do you have any guide for Ubundu10.04?
 
I would like to set up Snort 2.9.0.2/ barnyard2 /base 1.4.5 on Ubundu 10.04.
 
Many thanks in advance
 
Regards
 
John
 
> Date: Sun, 19 Dec 2010 21:45:29 -0500
> From: randy () procyonlabs com
> To: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede
>
> On 12/19/2010 9:06 PM, Jun Wan wrote:
> > Hi Joe,
> >
> > I am using Snort 2.8.6&2.9.0/barnyard2/Snort report 1.3.0, they are okay
> > but they are very slow to load the data into the browser.
> >
> > I used Snort 2.8.5.3/ barnyard2 / base 1.4.5 before by
> > following https://wwwx.cs.unc.edu/~hays/archives/2010/03/entry_23.php, I
> > loved BASE as it's much fast than Snort Report.
> >
> > I just wonder if you have some setup instruction/guide I can follow to
> > setup Snort 2.9.0.2 / barnyard2 / base 1.4.5.
> >
> > Any information and help would be much appreciated.
>
> I'm actually one of the BASE developers (though it is mid-transition to
> a new lead and a newer version at some point, so you won't see much
> action right now) and I help on Barnyard2.
>
> I also do a lot of guides. What platform/OS are you looking for help on?
> I think you mentioned RHEL - what version? I'm currently working on a
> RHEL 6.0 guide for x86_64 that should be ready later this week.
>
> Thanks,
> Randy
>
> ------------------------------------------------------------------------------
> Lotusphere 2011
> Register now for Lotusphere 2011 and learn how
> to connect the dots, take your collaborative environment
> to the next level, and enter the era of Social Business.
> http://p.sf.net/sfu/lotusphere-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users