Snort mailing list archives
Re: Snort report not showing any data - not sure if Snort is working
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Thu, 15 Nov 2012 19:07:37 -0500
Just wanted to post a quick update here for Joe and everyone else, the Autosnort script I posted for Ubuntu 12.04 is indeed compatible with Ubuntu 12.10 and performs wonderfully. These are screen caps post-install after throwing an armitage hail mary against an OWASP bwa virtual machine and metasploitable 2 with exploit rank set to poor. I think it works.

Cheers,
DA

On Thu, Nov 15, 2012 at 6:06 PM, Tony Robinson <deusexmachina667 () gmail com> wrote:

As much as I don't want to sound like someone selling snake oil, I have a script called autosnort that completes the entire snort installation for you. If you want to try it out, take a look at: https://github.com/da667/Autosnort/tree/master/Autosnort%20-%20Ubuntu

Note: the script says Ubuntu 12.04. While I haven't officially tested against 12.10 (I'm downloading it as we speak to run the script and ensure compatibility), I have no reason to believe there would be any issues running the script against Ubuntu 12.10.

If you're not comfortable running the script however, there are a number of areas I would recommend checking:

1) Where are your unified files being logged to? The guide you are referring to logs them to /var/log/snort. Can you verify, and also do an ls -l and verify that the snort user and group have permissions on the directory and ALL the files contained within? Can you confirm that barnyard is installed and running while snort is running? What command options are you giving to barnyard? What command options are you giving snort? Are you making it drop privilege to the snort user and group?

2) Regarding the database install, check /var/www/snortreport-1.3.3/srconf.php -- there are lines that need to know the password of the snort database user to read from the database. Confirm that you input the correct credentials by logging into the database as the snort user (mysql -u[snort user] -p[snort user pass] [database name, usually snort]). Try performing a select and/or a show tables with the snort user.

3) You indicate the data isn't in the database at all. Did you install the snort database schema for barnyard? The show tables command above should more than confirm that. Was barnyard 2 compiled with --with-mysql (or the database you are using as a backend)? Was it compiled to point to the proper folder for the libmysqlclient library (--with-mysql-libraries=/usr/lib/x86_64-linux-gnu)? What does your barnyard2.conf look like? Specifically check your output database line to make sure that the snort database user and the same database password used for srconf.php are exactly the same.

4) Is there anything in /var/log/messages or syslog that indicates a problem with snort OR barnyard running?

I hope this gives you enough to chew on. Message me on or offlist if you have questions -- I can't always guarantee a fast response, though.

DA

On Thu, Nov 15, 2012 at 3:53 PM, Joe Nunham <jnunham () parishsoft com> wrote:

Hello,

I recently installed Snort 2.9.3.1 on Ubuntu 12.10 x86_64. I followed the guide here (http://www.snort.org/assets/158/snortinstallguide293.pdf) and didn't have any issues when installing packages/configuring configuration files. I can see that the interface I have Snort configured to listen on is receiving data and a few of the snort.u2 logs are not 0 bytes. There are 4 of them that are and the barnyard2.waldo file is 0 bytes as well. When I go in to the snort database and do a SELECT * FROM on any of the tables they all return Empty set (0.00 sec). So when I go to look on Snort report I do not see any data because as I understand it, Snort report is reading data from the MySQL database.

I'm not sure what I may have misconfigured, any assistance would be appreciated. If you need any additional information please let me know.

Thanks

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!

--
when does reality end? when does fantasy begin?
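Added example, not part of the thread or of Autosnort: a shell sketch of two checks from the list in the message above, comparing the database credentials in barnyard2.conf with those in srconf.php and listing unified2 log files not owned by the snort user and group. It assumes barnyard2.conf carries an "output database: ..., user=... password=... dbname=..." line and that srconf.php assigns $user, $pass and $dbname as quoted strings; the function names and sample values are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Assumed formats: barnyard2.conf has an
# "output database: ..., user=... password=... dbname=..." line; srconf.php
# assigns $user, $pass and $dbname as quoted strings.

by2_field() {   # $1 = barnyard2.conf, $2 = key; commented-out lines are skipped
    sed -n "s/^[[:space:]]*output[[:space:]]*database:.*[[:space:],]${2}=\([^[:space:]]*\).*/\1/p" "$1" | head -n 1
}

sr_field() {    # $1 = srconf.php, $2 = PHP variable name without the dollar sign
    grep -E "^[[:space:]]*\\\$${2}[[:space:]]*=" "$1" | head -n 1 |
        sed -E "s/^[^=]*=[[:space:]]*[\"']([^\"']*)[\"'].*/\1/"
}

check_creds() { # $1 = barnyard2.conf, $2 = srconf.php; returns 0 only if all match
    local rc=0 pair b s
    for pair in user:user password:pass dbname:dbname; do
        b=$(by2_field "$1" "${pair%%:*}")
        s=$(sr_field "$2" "${pair##*:}")
        if [ -z "$b" ] || [ "$b" != "$s" ]; then
            # Report the field name only; never echo the secret itself.
            echo "MISMATCH ${pair%%:*}: barnyard2.conf vs srconf.php"
            rc=1
        fi
    done
    return $rc
}

not_owned_by() { # $1 = log dir, $2 = user, $3 = group; prints offending paths
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

demo() {        # constructed sample files; the password differs only in case
    local d; d=$(mktemp -d)
    printf '%s\n' '# output database: log, mysql, user=old password=old dbname=old' \
        'output database: log, mysql, user=snort password=Constructed1 dbname=snort host=localhost' \
        > "$d/barnyard2.conf"
    printf '%s\n' '<?php' '$server = "localhost";' '$user = "snort";' \
        '$pass = "constructed1";' '$dbname = "snort";' > "$d/srconf.php"
    check_creds "$d/barnyard2.conf" "$d/srconf.php"
    not_owned_by "$d" "$(id -u)" "$(id -g)"
    rm -rf "$d"
}
demo
```

On a real sensor the calls would be check_creds with your barnyard2.conf and /var/www/snortreport-1.3.3/srconf.php, and not_owned_by /var/log/snort snort snort; empty output from both means those two items check out.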
Current thread:
- Snort report not showing any data - not sure if Snort is working Joe Nunham (Nov 15)
- Re: Snort report not showing any data - not sure if Snort is working Tony Robinson (Nov 15)
- Re: Snort report not showing any data - not sure if Snort is working Tony Robinson (Nov 15)
- Re: Snort report not showing any data - not sure if Snort is working Joe Nunham (Nov 16)
- Re: Snort report not showing any data - not sure if Snort is working Joe Nunham (Nov 16)
- Re: Snort report not showing any data - not sure if Snort is working k vijay sai prashanth (Nov 16)
- Message not available
- Re: Snort report not showing any data - not sure if Snort is working Tony Robinson (Nov 16)
- Re: Snort report not showing any data - not sure if Snort is working Tony Robinson (Nov 15)
- Re: Snort report not showing any data - not sure if Snort is working Tony Robinson (Nov 15)