Snort mailing list archives

Re: Problems with Snort, Barnyard2, BASE on SUSE 11


From: Nick Moore <nmoore () sourcefire com>
Date: Wed, 28 Apr 2010 16:52:18 -0500

Also, are you using a waldo file with barnyard and can you send its
contents?

Nick

On Wed, Apr 28, 2010 at 2:04 PM, Michael Sloan <sloan () caps fsu edu> wrote:

I've tried to set up Snort on SUSE Linux Enterprise Server 11, and have
run into troubles. I think it might have been working at one point, but
now I think it's stopped but I'm not sure, and not entirely sure I even
compiled and configured everything correctly.

I'm using Snort 2.8.5.3, Base 1.4.5, Barnyard2 1.8, and MySQL 5.0.67.

Barnyard2: compiled with --enable-mysql

Snort: compiled with --enable-targetbased (I could not get --with-mysql
to work, and didn't actually peruse the mailing lists until long after I
got everything installed and possibly configured)

In snort.conf:
  output unified2: filename snort.log, limit 128

In barnyard2.conf:
  output database: alert, mysql, user=snort password=TopSecretPassword dbname=snort host=localhost

mysql reports that the user snort@localhost has
  SELECT, INSERT, UPDATE, DELETE, CREATE on snort.*
  SELECT, INSERT, UPDATE on snort.sensor

Snort is started with:
  /usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -d -D -u snort

And barnyard2 is started with:
  /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -D -d /var/log/snort -f snort.log -u snort

After a couple of weeks, I see that snort.log is 133k, but no alerts
whatsoever have been displayed in BASE. BASE is showing the proper
database name, and user.

I see in /var/log/messages (after restarting snort and barnyard2 today)
that barnyard2 read 706 records from the 133k file. I do not see any
errors in the mysqld logs.

I've looked at installation guides for SUSE 10, Fedora Core 11, and read
enough from different sources that now I really have no idea what could
be wrong and after spending quite a few hours on this over the course of
the last few weeks, I've run out of ideas on what to tweak and change.

Any suggestions (or requests for further information needed) would be
greatly appreciated.


--
Michael Sloan
Systems Administrator
FSU Center for Advanced Power Systems
sloan () caps fsu edu



------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore () sourcefire com
IM    nickgmoore (Yahoo)
      nickgmoore38 (AIM)

   ,,_
  o"  )~   Sourcefire - The Creators of Snort
   ''''

www.sourcefire.com         www.snort.org
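The quoted message reports a 133k snort.log and 706 records read by barnyard2 but nothing in BASE; one way to narrow that down is to look at what record types the unified2 spool actually contains (alert events vs. packet records only). The script below is an added example, not code from either poster or from the Snort/Barnyard2 projects; it assumes the unified2 record header layout (two big-endian uint32 fields, type and length) and the record type numbers listed in RECORD_NAMES, and the sample bytes are constructed, zero-filled bodies.

```python
"""Summarize record types in a Snort unified2 spool file (e.g. snort.log)."""
import struct
import sys
from collections import Counter

HEADER = struct.Struct("!II")  # record type, payload length (network byte order)

# Record type numbers assumed from the unified2 format of the Snort 2.8.x era.
RECORD_NAMES = {
    2: "PACKET",
    7: "IDS_EVENT",
    72: "IDS_EVENT_IPV6",
    104: "IDS_EVENT_VLAN",
    105: "IDS_EVENT_IPV6_VLAN",
}


def summarize_unified2(data):
    """Walk complete records in `data`; stop at a truncated tail record.

    A partial record at the end is normal for a file Snort is still appending
    to, so it is reported as `leftover` bytes rather than treated as corruption.
    """
    counts = Counter()
    offset = 0
    while offset + HEADER.size <= len(data):
        rtype, length = HEADER.unpack_from(data, offset)
        end = offset + HEADER.size + length
        if end > len(data):
            break  # incomplete record: barnyard2 would wait for the rest too
        counts[RECORD_NAMES.get(rtype, "UNKNOWN_%d" % rtype)] += 1
        offset = end
    return {"records": sum(counts.values()), "counts": dict(counts),
            "leftover": len(data) - offset}


def event_count(summary):
    """Number of alert-event records, i.e. rows barnyard2 could write to MySQL."""
    return sum(n for name, n in summary["counts"].items() if name.startswith("IDS_EVENT"))


def _record(rtype, payload):
    return HEADER.pack(rtype, len(payload)) + payload


# Constructed sample: one 52-byte IDS_EVENT, one 28-byte PACKET header, then a
# record whose 52-byte body was cut off after 10 bytes (still being written).
SAMPLE = _record(7, b"\x00" * 52) + _record(2, b"\x00" * 28) + HEADER.pack(7, 52) + b"\x00" * 10

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    summary = summarize_unified2(data)
    print(summary, "alert events:", event_count(summary))
```

Run it as `python unified2_summary.py /var/log/snort/snort.log`; if the counts show only PACKET records or zero IDS_EVENT records, the gap is on the Snort/rules side rather than in barnyard2 or the database grants.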