Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user

From: "Lars" <technicalfriend () yahoo com>
Date: Fri, 3 May 2013 09:31:04 -0400
Hi,

So just as a quick update Snort started populating data into merged.log last
night so it seems the new -k none option approach helped.  Another step that
seemed to affect it but I am not sure was restarting barnyard2 with Snort
off then starting Snort again with the -k switch and once I fired off
another scan I saw merged.log get recreated and it grew!  Once that happened
the rest of our stack of tools worked and Snorby began populating moderate
risk events and logging events to the tables it has.  

Start up process question:  As a result of all the above our question is
then how important is the order of startup process for these pieces?  That
is does Barnyard2 always have to be started first?  MySQL? I think we are
good on getting MySQL and the Apache/Snorby pieces up in the right order,
but maybe we were missing something with Snort and Barnyard/others?
(Logging was not happening at all but now some is yes!)

Next to see if all the other Snort to Barnyard to Snorby rating categories
like "high" and "low" risk events work and populate I plan to run rapid7 and
some other scans to get more aggressive with it.  

KJ

-----Original Message-----
From: beenph [mailto:beenph () gmail com] 
Sent: Friday, May 03, 2013 12:23 AM
To: Lars
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Barnyard2 configure/compile problems and startup
error: "Snort not compiled to use mysql" message followup - 1st time
barnyard user

On Fri, May 3, 2013 at 12:17 AM, Lars <technicalfriend () yahoo com> wrote:

Maybe we need to rebuild Snort?  All these good checks and 
verifications on our config files and all that but the problem remains the

same.



Which problem?

i)  Post your snort command line.
ii) Post your barnyard2 command line
iii) Post your snort config.
iv) Post your barnyard2 config

----------------------------------------------------------------------------
--
Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free
troubleshooting tool designed for production Get down to code-level detail
for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!


------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: