Snort mailing list archives
Snort / Barnyard2 Issues - 2
From: AllowOverride <allowoverride () gmail com>
Date: Fri, 05 Oct 2012 13:45:02 -0700
Here are all my configs for the 6 programs in question minus base-1.4.5 configs, not there yet. Please take a look and let me know where I have made mistakes. Thanks in advance.

I am also interested:

    /usr/local/bin/snort -A fast -q -u snort -g snort \
      -c /etc/snort/etc/snort.conf -i eth0

or

    /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/etc/snort.conf -i eth0

I am seeing pings from defined test rule for local.rules working only, and not the snort.rules. snort.rules was updated by pp.pl successfully, however, the only way snort outputs anything in logs or on console per those cmds above works ONLY when I cat snort.rules >> local.rules, or simply by local.rules itself.

I notice in the Howtos, they stated to # $RULES all of them except local.rules in snort.conf. I assume for testing, but the new snort way says only one large rules file, i.e. snort.rules.

I am trying to log info first to mysql, and from there other progs like base and snortreports and jpgraph will display from mysql data. Right now, snort works - sorta, in that it is creating a unified2 output file in /var/log/snort.log.xxxx but is not able to be input to the db via barnyard2. I am just using a simple fast logger to mysql process, that's it, at the moment.

I have included all my .confs in CONFS.tar.gz attached. PLEASE take a gander, say whatever you wish, I really appreciate the help and input. Sorry for sloppy format of all my emails, I'm trying to make it simple, sometimes that's hard.

I will be back in a few hours, I need a break.. to see any findings... Please ask for any input I can give you, where things are, so forth so on, I will answer as quickly as possible. Thank you!!
Attachment: CONFS.tar.gz