Snort mailing list archives
No Alerts on snorby-barnyard2
From: Paraskevas Lampadas <parislampadas () gmail com>
Date: Wed, 11 Jan 2017 11:47:17 +0200
I have successfully deployed snort-barnyard2-pulledpork-snorby on Raspberry Pi 3, but I have no alerts on snorby gui nor on snorby database.

1. I tried to reboot the server with no effect.
2. I tried deleting all of snort's unified2 event logs and recreating the waldo file, also with no effect.

In /etc/snort/barnyard2.conf I have added the following line at the end:

output database: log, mysql, user=snorby password=password dbname=snorby host=localhost sensor_name=sensor1

With the top command I see 2 instances of barnyard2: one from user snort, and one from root.

Here is my system log, issued with cat /var/log/syslog | grep barnyard, where I get a FATAL ERROR: Failed to Lock PID File "/var/run//barnyard2_eth0.pid" for PID "5022".

Jan 10 23:19:29 raspberrypi-black barnyard2[4346]: ===============================================================================
Jan 10 23:19:29 raspberrypi-black barnyard2[4346]: Could not remove pid file /var/run//barnyard2_eth0.pid: No such file or directory
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: Running in Continuous mode
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]:
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: --== Initializing Barnyard2 ==--
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: Initializing Input Plugins!
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: Initializing Output Plugins!
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: Parsing config file "/etc/snort/barnyard2.conf"
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: #012#012+[ Signature Suppress list ]+#012----------------------------
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: +[No entry in Signature Suppress List]+
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: ----------------------------#012+[ Signature Suppress list ]+
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: Barnyard2 spooler: Event cache size set to [2048]
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: Log directory = /var/log/barnyard2
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: INFO database: Defaulting Reconnect/Transaction Error limit to 10
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: INFO database: Defaulting Reconnect sleep time to 5 second
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: Initializing daemon mode
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Daemon initialized, signaled parent pid: 4349
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: PID path stat checked out ok, PID path set to /var/run/
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: FATAL ERROR: Failed to Lock PID File "/var/run//barnyard2_eth0.pid" for PID "5022"
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Barnyard2 exiting
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: database: Closing connection to database "snorby"
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: ===============================================================================
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Record Totals:
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Records: 0
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Events: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Packets: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Unknown: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Suppressed: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: ===============================================================================
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Packet breakdown by protocol (includes rebuilt packets):
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: ETH: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: ETHdisc: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: VLAN: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: IPV6: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: IP6 EXT: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: IP6opts: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: IP6disc: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: IP4: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: IP4disc: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: TCP 6: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: Daemon parent exiting
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: UDP 6: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: ICMP6: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: ICMP-IP: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: TCP: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: UDP: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: ICMP: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: TCPdisc: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: UDPdisc: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: ICMPdis: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: FRAG: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: FRAG 6: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: ARP: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: EAPOL: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: ETHLOOP: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: IPX: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: OTHER: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: DISCARD: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: InvChkSum: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: S5 G 1: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: S5 G 2: 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Total: 0
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: ===============================================================================
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Could not remove pid file /var/run//barnyard2_eth0.pid: No such file or directory
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: Running in Continuous mode
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]:
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: --== Initializing Barnyard2 ==--
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: Initializing Input Plugins!
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: Initializing Output Plugins!
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: Parsing config file "/etc/snort/barnyard2.conf"
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: #012#012+[ Signature Suppress list ]+#012----------------------------
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: +[No entry in Signature Suppress List]+
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: ----------------------------#012+[ Signature Suppress list ]+

Can someone help?
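
A log like the one in this message is easier to read once it is grouped by process ID. The following is an added example, not part of the original post: it summarizes each barnyard2 instance's lifetime, parent, fatal errors and record count from syslog lines. The function names and the dictionary layout are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Lines copied from the log in the post above, trimmed to the relevant entries.
SAMPLE_LOG = """\
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: Running in Continuous mode
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: Initializing daemon mode
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Daemon initialized, signaled parent pid: 4349
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: FATAL ERROR: Failed to Lock PID File "/var/run//barnyard2_eth0.pid" for PID "5022"
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Barnyard2 exiting
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Records: 0
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: Daemon parent exiting
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: Running in Continuous mode
"""

# syslog prefix: timestamp, host, "barnyard2[pid]:", then the message (may be empty)
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+barnyard2\[(\d+)\]:\s?(.*)$")

def summarize(log_text):
    """Group barnyard2 syslog lines by PID and record each instance's lifecycle."""
    procs = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a barnyard2 line
        ts, pid, msg = m.group(1), int(m.group(2)), m.group(3).strip()
        p = procs.setdefault(pid, {"first": ts, "last": ts, "parent": None,
                                   "fatal": [], "records": None, "exited": False})
        p["last"] = ts
        if msg.startswith("FATAL ERROR:"):
            p["fatal"].append(msg[len("FATAL ERROR:"):].strip())
        elif msg.startswith("Daemon initialized, signaled parent pid:"):
            p["parent"] = int(msg.rsplit(":", 1)[1])
        elif msg.startswith("Records:"):
            p["records"] = int(msg.split(":", 1)[1])
        elif msg in ("Barnyard2 exiting", "Daemon parent exiting"):
            p["exited"] = True
    return procs

def failed_instances(procs):
    """PIDs that logged at least one FATAL ERROR, in order of first appearance."""
    return [pid for pid, p in procs.items() if p["fatal"]]

if __name__ == "__main__":
    for pid, info in summarize(SAMPLE_LOG).items():
        print(pid, info)
```

On a live sensor the same functions can be fed the output of the grep command quoted in the message.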