Snort mailing list archives

Barnyard2 hangs when started with MySQL


From: "WGM IT" <at () wgm-it com>
Date: Wed, 11 May 2016 19:16:40 +0300

Hello,

I have a problem with Barnyard2 - it hangs when started with MySQL.

I would be very grateful to you for any proposals and comments.

Step 1

sudo /usr/local/bin/snort -u snort -g snort -c /etc/snort/snort.conf -i eth0 -D

OK

Step 2

sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort -D

OK

Step 3

mysql -u snort -p -D snort -e "select count(*) from event"

OK - the number of MySQL events increases (e.g. after ping)

Step 4

Kill snort process

Kill barnyard2 process

Step 5

sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l

Errors when generating Stub Rules

Step 6

sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort -D

barnyard2 hangs for 2 minutes

Step 7

mysql -u snort -p -D snort -e "select count(*) from event"

The number of MySQL events remains constant (e.g. after ping)

Any ideas?

Thanks a lot in advance for your cooperation.

Best regards

Alexej Teplitsky

WGM IT

+49 172 834 08 12

Skype: alexej.teplitsky

Attachment: 1. barnyard2_log before rules update.txt
Attachment: 2. barnyard2_log after rules update.txt
Attachment: 3. pulledpork_log.txt
Attachment: 4. snort.conf
Attachment: 5. barnyard2.conf
Attachment: 6. pulledpork.conf
