Snort mailing list archives
Re: mysql error prevails...
From: Jack <kingofnerds () gmail com>
Date: Sat, 6 Oct 2012 17:49:49 -0400
Remember that in some cases localhost can be assigned a different number. You might want to verify your hosts file. On Oct 6, 2012 4:00 PM, "AllowOverride" <allowoverride () gmail com> wrote:
snort is working for sure:

1.
    # ls -alh /var/log/snort/
    total 1016K
    drwxr-xr-x  2 snort snort 4.0K Oct  6 11:36 .
    drwxr-xr-x 13 root  root  4.0K Oct  6 10:56 ..
    -rw-r--r--  1 root  root  6.8K Oct  5 23:26 alert
    -rw-r--r--  1 snort snort    0 Oct  4 10:26 barnyard2.waldo
    -rw-------  1 snort snort 997K Oct  6 01:43 snort.log.1349504795
    -rw-------  1 snort snort    0 Oct  6 11:36 snort.log.1349548617

2. sudo openvasd
   All plugins loaded

   After hitting 192.168.1.14 with openvas-client, results:

    # ls -alh /var/log/snort/
    total 3.3M
    drwxr-xr-x  2 snort snort 4.0K Oct  6 11:36 .
    drwxr-xr-x 13 root  root  4.0K Oct  6 10:56 ..
    -rw-r--r--  1 root  root  392K Oct  6 12:50 alert
    -rw-r--r--  1 snort snort    0 Oct  4 10:26 barnyard2.waldo
    -rw-------  1 snort snort 997K Oct  6 01:43 snort.log.1349504795
    -rw-------  1 snort snort 2.0M Oct  6 12:50 snort.log.1349548617

   I presume alert was actively logging as well, as its file size grew, and snort.log is now logging too. I use the -A console option. I wonder if -A fast does the same - makes alert and snort.log grow. I will generate lots of traffic again with openvas and ping -f to see if barnyard2.waldo grows at some point... a little smack testing in the network sense...

3. Here is my local.rules per the howtos:

    # ------------
    # LOCAL RULES
    # ------------
    # This file intentionally does not come with signatures. Put your local
    # additions here.
    alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001;)

4. snort.rules is full. I wonder what happens if I cat >> snort.rules to local.rules lol... jk

5. What I find interesting is how after I installed pulledpork and ran it, it works, and when I hit 192.168.1.14 with openvas-client it logs to /var/log/snort/snort.log, so I assume local.rules AND snort.rules are working, but I can't tell for sure, as I can not get barnyard2 to import the info into mysql to take a look at it, since it is unified2 format.. I think.. can't tell:

    # less /var/log/snort/snort.log.1349548617
    "/var/log/snort/snort.log.1349548617" may be a binary file.  See it anyway?

   I just know the file size is growing.. good sign snort is working, and I know it grows when I simply ping 192.168.1.14 from a remote host.

6. I'd like to import data from snort with barnyard2 into, say, snortreport or base-1.4.5. After that I will be able to try my hand at local.rules creation. I am still stuck with the barnyard2 > mysql insertion portion. Anything, I'm willing to try at this point, as the howtos do not really explain more. See attached for the howtos I have been using. Also, perms on some dirs were getting non-root perms like: 1210:1210 /etc/snort

7. Suggestions anyone ??? I'm totally open to suggestions... more info to follow....

---------- Forwarded message ----------
From: beenph <beenph () gmail com>
To: AllowOverride <allowoverride () gmail com>
Cc:
Date: Sat, 6 Oct 2012 04:31:46 -0400
Subject: Re: [Snort-users] mysql error prevails...

On Fri, Oct 5, 2012 at 5:59 AM, AllowOverride <allowoverride () gmail com> wrote:
> you mean snort.* yes i have

Do you actually read e-mails and links sent to you, such as the MySQL documentation? By wildcard I didn't mean * but %

<SNIP
Also have you tried to wildcard your access for the user you configured?

    UPDATE mysql.user SET host='%' WHERE user='YOURCONFIGUREDUSER';

REF: https://dev.mysql.com/doc/refman/5.5/en/adding-users.html

And make sure to flush-privileges/reload before testing.
</SNIP>

And in your context "YOURCONFIGUREDUSER" should be snort.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
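The quoted message cannot tell whether snort.log.1349548617 is really unified2 output, or which rules are producing the records that make it grow, because barnyard2 is not yet getting them into MySQL. The following script is an added example written for this archive page, not code from the thread, from Snort or from barnyard2. It walks a unified2 byte stream using the on-disk layout Snort documents for it (a 4-byte record type and 4-byte record length in network byte order, followed by the payload; record type 7 is the 52-byte legacy IDS event carrying gid, sid, addresses and protocol) and counts which gid:sid pairs fired, which is the same information barnyard2 would insert into the database. It stops cleanly at a half-written trailing record, which is what an open snort.log file looks like while Snort is still writing. The sample stream is constructed inline to mimic two hits on the "ICMP test" rule from local.rules plus a packet record; the IP addresses and timestamp are placeholders. With a file path as its argument it reads a real snort.log.* instead.

```python
import ipaddress
import struct
from collections import Counter

# Unified2 is a stream of records: a header of record type (uint32) and
# record length (uint32), network byte order, followed by that many payload bytes.
RECORD_HDR = struct.Struct("!II")

# Record types Snort writes with "output unified2" (from Snort's Unified2_common.h).
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
UNIFIED2_IDS_EVENT_IPV6 = 72
UNIFIED2_IDS_EVENT_VLAN = 104
UNIFIED2_IDS_EVENT_IPV6_VLAN = 105
UNIFIED2_EXTRA_DATA = 110
KNOWN_TYPES = {UNIFIED2_PACKET, UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_IPV6,
               UNIFIED2_IDS_EVENT_VLAN, UNIFIED2_IDS_EVENT_IPV6_VLAN,
               UNIFIED2_EXTRA_DATA}

# Layout of the 52-byte Unified2IDSEvent_legacy payload (record type 7).
IDS_EVENT = struct.Struct("!IIIIIIIIIIIHHBBBB")
IDS_EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)


def looks_like_unified2(data: bytes) -> bool:
    """Cheap check for 'is this a unified2 file or plain-text alert output?'."""
    if len(data) < RECORD_HDR.size:
        return False
    rtype, rlen = RECORD_HDR.unpack_from(data, 0)
    # A text file such as 'alert' decodes to an absurd type like 0x5b2a2a5d ("[**]").
    return rtype in KNOWN_TYPES and 0 < rlen <= 65535 + 64


def iter_records(data: bytes):
    """Yield (record_type, payload); stop at a truncated tail instead of raising."""
    off = 0
    while off + RECORD_HDR.size <= len(data):
        rtype, rlen = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + rlen > len(data):
            break  # Snort is still writing this record; barnyard2 waits for it too
        yield rtype, data[off:off + rlen]
        off += rlen


def parse_ids_event(payload: bytes) -> dict:
    """Decode a type-7 payload into named fields with dotted-quad addresses."""
    ev = dict(zip(IDS_EVENT_FIELDS, IDS_EVENT.unpack_from(payload)))
    ev["ip_source"] = str(ipaddress.IPv4Address(ev["ip_source"]))
    ev["ip_destination"] = str(ipaddress.IPv4Address(ev["ip_destination"]))
    return ev


def summarize(data: bytes) -> Counter:
    """Count (generator_id, signature_id) pairs, i.e. which rules actually fired."""
    hits = Counter()
    for rtype, payload in iter_records(data):
        if rtype == UNIFIED2_IDS_EVENT and len(payload) >= IDS_EVENT.size:
            ev = parse_ids_event(payload)
            hits[(ev["generator_id"], ev["signature_id"])] += 1
    return hits


def build_ids_event(sid, gid=1, src="192.168.1.10", dst="192.168.1.14",
                    proto=1, itype=8, icode=0):
    """Constructed test record in the same layout Snort emits for an alert."""
    payload = IDS_EVENT.pack(
        0, 1, 1349548617, 0, sid, gid, 1, 0, 3,
        int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst)),
        itype, icode, proto, 0, 0, 0)
    return RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(payload)) + payload


# Constructed sample stream (not a real capture): two hits on the local.rules
# "ICMP test" rule (gid 1, sid 10000001), a packet record that is skipped, and a
# half-written trailing record such as a still-open snort.log would contain.
SAMPLE = (
    build_ids_event(10000001)
    + RECORD_HDR.pack(UNIFIED2_PACKET, 4) + b"\x00\x00\x00\x00"
    + build_ids_event(10000001)
    + RECORD_HDR.pack(UNIFIED2_IDS_EVENT, IDS_EVENT.size) + b"\x00" * 10
)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print("unified2:", looks_like_unified2(data))
    for (gid, sid), n in sorted(summarize(data).items()):
        print(f"gid {gid} sid {sid}: {n} event(s)")
```

Run it as `python3 u2summary.py /var/log/snort/snort.log.1349548617` (as a user that can read the 0600 file). A count under gid 1 sid 10000001 confirms the local.rules ICMP rule is firing; counts under other sids show the pulledpork-managed snort.rules are live. A file whose first header fails the type check is text, not unified2, and barnyard2 will never be able to import it.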