Re: Barnyard2 launching problem

[Abdullah AL-Mutairy <abohabeeb1412 () gmail com>]

Thanks for replying 

What i want to do is to check which rules in snort is  frequently used or which attacks are frequent to my home 
network. 
In order to know that i have to read the snort log file which in in format (snort.log.xxxxx) ex: snort.log.14737277

After that maybe i can take specific rules and discard unused rules in my home network.


BTW, i used barnyard2 and it is installed in usr/src/ directory as the guide explain.

Thanks a lot!

. . . . . 

> On Feb 22, 2017, at 3:42 AM, Marcin Dulak <marcin.dulak () gmail com> wrote:
>
>
>
> > On Wed, Feb 22, 2017 at 12:46 AM, Abdullah AL-Mutairy <abohabeeb1412 () gmail com> wrote:
> >
> > Hello everyone ..
> >
> > I've been trying to make snort work with MySQL for almost a month
>
> the old tools like barnyard2, snorby, sguil etc. are no longer maintained.
> Maybe try https://securityonion.net/
>  
> > but i keep getting errors in each step > look for a solution then bypass the problem.
> >
> > I'm following this guid here: 
> > http://computer-outlines.over-blog.com/article-nids-snort-barnyard2-apache2-base-with-ubuntu-14-04-lts-123532107.html
> >
> > And now i'm stuck at "launching barnyard2" step! When i do the command:
>
> where barnyard2 has been installed?
> which barnyard2
>  
> > sudo /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w 
> > /var/log/barnyard2/bylog.waldo -C /etc/snort/classification.config
> >
> > I get an error because /usr/local/bin/ is empty.
> >
> > The guid is good and clear but i have a feeling that it might be missing some small parts like DAQ package,  is that 
> > right?
> >
> > All i wanted is to read the snort logs!
>
> barnyard is not needed for reading the logs. Assuming you have unified2 log https://github.com/jasonish/py-idstools 
> will do, see http://seclists.org/snort/2017/q1/11
>
> Marcin
>  
> > But couldn't make it work!
> >
> > Please help me >_<
> >
> > Your help is much appreciated 
> > . . . . . 
> >
> > ------------------------------------------------------------------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!