Snort mailing list archives
Re: Snort Install successful - Need a proper database
From: beenph <beenph () gmail com>
Date: Wed, 21 Nov 2012 13:34:03 -0500
On Wed, Nov 21, 2012 at 1:20 PM, waldo kitty <wkitty42 () windstream net> wrote:
> On 11/21/2012 12:18, k vijay sai prashanth wrote:
>> All resolved now. Each time I start barnyard2 the events count is
>> incremented. So barnyard2 is feeding the events from snort to the mysql
>> database. Thanks Ron. Appreciate the advice. Sadly I am not sure which of
>> the steps rectified the issue. The following are the changes I made which
>> caused the installation to be successful:
>>
>> 1. output alert_fast to output alert_fast: stdout.
>> 2. change is barnyard.conf
>> 3. Did a make clean on the barnyard2 installation and then did the
>>    ./configure --with-mysql.
>> 4. changed the variables config hostname from thor to localhost.
>
> ahhh... if thor is the name of the host the machine that the database and
> barnyard2 live on, then i would say that the problem was your mysql is/was
> not configured to look for connections on all interfaces... by default,
> mysql allows only connections from localhost but this is easily changed :)

Barnyard2 hostname is simply a configuration that will allow your barnyard2 process to have a specific sid (sensor_id) in the database. If you have multiple instances of barnyard2 on the same system you can use the same hostname, but you have to define different interfaces, else they will use the same sid and you could have cid collision (which is bad). If you have sensors on two different systems then you should use different hostnames to avoid the same type of collision, especially if you have the same interface defined in barnyard2.conf, ex: eth0.

> FWIW: your barnyard log file should have shown the attempts to connect to
> mysql on thor as failing if this was the problem...
>
>> 5. And make sure when you run barnyard2 using the below command the snort
>>    process must already be running.
>
> BY2 should be able to come up and execute while noticing that mysql is not
> available yet... it should then notice when mysql does become available...
> but for simplicity, on boot up i would start snort and mysql before
> starting BY2... maybe even looking for the PIDs of those tasks before
> starting BY2... both have to be running before BY2 can perform any
> /meaningful/ task(s)... ;)

If the database server is not UP, and barnyard is configured to output to the database, it will not start. But if snort is not running there is no problem running barnyard2. If you know your database is not running and you want to run barnyard2 with another set of output plugins, just comment out the database output. And if you're trying to set up some kind of "ON BOOT" system where you boot multiple services, you might want to let your DBMS boot up before starting other services, or use a supervision program like DJB daemontools (http://cr.yp.to/daemontools.html)

-elz
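
The sid collision described in the reply above can be checked before several barnyard2 instances are pointed at one database. The following is an added example, not part of the original message or of barnyard2 itself: it follows the reply's description that an instance's sid is tied to its hostname and interface, reads the `config hostname:` and `config interface:` directives, and uses constructed sample configs with made-up labels.

```python
import re
from collections import defaultdict

# Matches "config hostname: thor" / "config interface: eth0" in barnyard2.conf.
DIRECTIVE = re.compile(r"^\s*config\s+(hostname|interface)\s*:\s*(\S+)", re.IGNORECASE)


def sensor_identity(conf_text):
    """Return the (hostname, interface) pair declared by one barnyard2.conf.

    A directive that is absent or commented out is returned as None.
    """
    found = {"hostname": None, "interface": None}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # ignore comments
        m = DIRECTIVE.match(line)
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found["hostname"], found["interface"]


def find_sid_collisions(configs):
    """configs maps a label to barnyard2.conf text.

    Returns {(hostname, interface): [labels]} for every pair declared by more
    than one instance, i.e. instances that would share a sid in the database.
    """
    by_identity = defaultdict(list)
    for label, text in configs.items():
        by_identity[sensor_identity(text)].append(label)
    return {ident: sorted(labels)
            for ident, labels in by_identity.items() if len(labels) > 1}


# Constructed sample input: four instances writing to the same database.
SAMPLE_CONFIGS = {
    "thor-inst1": "config hostname: thor\nconfig interface: eth0\n",
    "thor-inst2": "config hostname: thor\nconfig interface: eth1\n",
    # Two different machines both set to "localhost" with the same interface.
    "sensor-a": "config hostname: localhost\nconfig interface: eth0\n",
    "sensor-b": "#config hostname: thor\nconfig hostname: localhost\n"
                "config interface: eth0\n",
}

if __name__ == "__main__":
    for ident, labels in find_sid_collisions(SAMPLE_CONFIGS).items():
        print("shared sid for %s/%s: %s" % (ident[0], ident[1], ", ".join(labels)))
```
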