Snort mailing list archives
Re: Snort logs not being written.
From: Y M <snort () outlook com>
Date: Sun, 25 Nov 2012 20:08:23 +0300
A similar issue I had, but which may not be related, was that Snort was writing the unified2 logs to a different location from where barnyard2 was supposed to read the file; I was always reading an empty file.

What's the command you use to start barnyard2? In my case I use the -d switch to specify the unified2 file directory, -f to specify the file name that barnyard2 should look for (as specified in your snort.conf in barnyard2 output plugin section) and -w to specify the location of the waldo file, given that the barnyard2.conf has all the variables for sid-msg.map, gen-msg.map, reference, etc, file locations set up.

Hope this helps.

YM

________________________________
From: GB
Sent: 11/25/2012 7:23 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort logs not being written.

Logs of this issue but none matches my problem.

Before I got there the business was going to use Barnyard2 (I am familiar with BY1 but 2 is new to me). They decided they already had a collator so decided they didn't need BY2 but discovered it had stopped writing logs post installation of BY2, sigh. I can see the Snort engine start up, I can watch it checking its sensors and I even found a BY2.config that looked like the culprit but now it is just opening a log file with 0kb and nothing gets written to the file.

This is all running under Fedora. I can't find anything on backing out or deactivating BY2, so any help would be appreciated.

Thanks for your patience all!
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
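The mismatch described in the reply above (Snort writing unified2 files in one place while barnyard2 reads an empty file in another) can be checked with a short script. This is an added example, not part of the thread or of either project: the function names, the `merged.log` file name, the temporary paths and the sample files are constructed, and it assumes the usual `output unified2: filename <name>, ...` line in snort.conf.

```shell
#!/bin/sh
# Added example (not from the thread): check that the directory given to
# barnyard2 -d really holds non-empty unified2 files named as in snort.conf.

# Print the base name from the first "output unified2: filename ..." line.
unified2_basename() {
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}[a-z_]*unified2:[[:space:]]*filename[[:space:]]\{1,\}\([^,[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# check_spool SNORT_CONF SPOOL_DIR   (SPOOL_DIR = what barnyard2 gets as -d)
# Returns 0 = data found, 1 = no unified2 output configured,
#         2 = no matching file in SPOOL_DIR, 3 = only zero-byte files.
check_spool() {
    base=$(unified2_basename "$1")
    if [ -z "$base" ]; then
        echo "no 'output unified2' line in $1"; return 1
    fi
    found=0
    # Snort appends ".<epoch>" to the name unless "nostamp" is set.
    for f in "$2/$base" "$2/$base".*; do
        [ -f "$f" ] || continue
        found=1
        if [ -s "$f" ]; then
            echo "ok: $f has data; barnyard2 -d $2 -f $base"; return 0
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no $base* in $2: check which directory Snort logs to"; return 2
    fi
    echo "only empty $base* files in $2: nothing is being written here"; return 3
}

# Constructed demo: snort.conf names merged.log, but the data sits in a
# different directory from the one barnyard2 is pointed at.
tmp=$(mktemp -d)
mkdir "$tmp/snort" "$tmp/by2"
printf 'output unified2: filename merged.log, limit 128\n' > "$tmp/snort.conf"
printf 'x' > "$tmp/snort/merged.log.1353863303"   # where Snort writes
: > "$tmp/by2/merged.log.1353863303"              # empty file barnyard2 reads
check_spool "$tmp/snort.conf" "$tmp/by2" || echo "exit code $?"
check_spool "$tmp/snort.conf" "$tmp/snort"
```

On a real sensor, pass the actual snort.conf and the directory used with barnyard2's -d switch; exit codes 2 and 3 correspond to the "reading an empty file" symptom from the thread.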