Snort mailing list archives

Re: Having problem with Barnyard


From: JJC <cummingsj () gmail com>
Date: Wed, 23 Jun 2010 18:00:33 -0600

At a quick glance it looks correct. A few things:

   1. /dev/null your waldo file.
   2. Have you verified MySQL permissions for the user specified in by2?
   3. Are you seeing your snort.log files increment as alerts are generated?
   4. When you run by2 (not daemonized), does it say anything about reading
   spool files etc.?

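The four checks above form a short diagnostic for the snort -> unified2 spool -> barnyard2 -> MySQL chain. The script below is an added example, not code from the thread or from the barnyard2 project: it turns checks 1 and 3 into small POSIX sh functions (truncate the waldo bookmark; find the newest `snort.log.<epoch>` spool file and its size so you can see whether it grows), wraps check 2 in a `mysql` client call that is only run when you call it yourself, and exercises the offline parts against a constructed spool directory. The default paths are the ones quoted later in the thread and are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): a diagnostic for the
# snort -> unified2 spool -> barnyard2 -> MySQL chain, following the
# four checks in the reply above. Default paths are taken from the
# command lines quoted in the thread (assumed); the spool directory
# used at the bottom is constructed by make_sample_spool so the
# script runs offline.

SPOOL_DIR="${SPOOL_DIR:-/var/log/snort}"
SPOOL_BASE="${SPOOL_BASE:-snort.log}"
WALDO="${WALDO:-/etc/snort/barnyard2.waldo}"

# Check 3: find the newest unified2 file "<base>.<epoch>" in the spool dir.
# snort appends the start time, so the largest numeric suffix is the newest.
# Prints the full path, or returns 1 when no spool file exists at all.
newest_spool() {
    dir="$1"; base="$2"
    esc=$(printf '%s' "$base" | sed 's/\./\\./g')   # literal dots in the regex
    ts=$(ls "$dir" 2>/dev/null | sed -n "s/^$esc\.\([0-9][0-9]*\)\$/\1/p" | sort -n | tail -n 1)
    [ -n "$ts" ] || return 1
    printf '%s/%s.%s\n' "$dir" "$base" "$ts"
}

# Size in bytes of a file, 0 if it does not exist. Run it twice a minute
# apart: if the number does not grow while snort is alerting, snort is not
# writing unified2 into this directory (wrong -l dir or output plugin).
file_bytes() {
    [ -f "$1" ] && wc -c < "$1" | tr -d ' ' || echo 0
}

# Check 1: "/dev/null your waldo file" = truncate the bookmark so barnyard2
# starts again from the beginning of the spool instead of its saved offset.
# Returns 0 when the waldo is now empty.
reset_waldo() {
    : > "$1"
    [ ! -s "$1" ]
}

# Check 2: can the barnyard2 database user actually reach the database?
# Not run offline; call it with the same user/db/host as the
# "output database:" line of barnyard2.conf. Prompts for the password.
check_db_access() {
    user="$1"; db="$2"; host="${3:-localhost}"
    mysql -h "$host" -u "$user" -p "$db" -e 'SELECT 1;' >/dev/null 2>&1
}

# Check 4 is interactive: run barnyard2 with the -c/-d/-f/-w options from
# the thread but without -D, and watch whether it reports opening the
# spool file returned by newest_spool.

# Constructed sample data so the offline checks can be exercised here.
make_sample_spool() {
    d="$1"
    mkdir -p "$d"
    printf 'old' > "$d/snort.log.1277000000"
    printf 'newer' > "$d/snort.log.1277330000"
    printf 'not a spool file' > "$d/snort.log.bak"
    printf 'bookmark' > "$d/barnyard2.waldo"
}

tmp=$(mktemp -d)
make_sample_spool "$tmp"
f=$(newest_spool "$tmp" "$SPOOL_BASE")
echo "newest spool: $f ($(file_bytes "$f") bytes)"
reset_waldo "$tmp/barnyard2.waldo" && echo "waldo truncated, barnyard2 will re-read the spool"
rm -r "$tmp"
```

Against a live box, set `SPOOL_DIR`, `SPOOL_BASE` and `WALDO` in the environment and call `newest_spool "$SPOOL_DIR" "$SPOOL_BASE"` and `file_bytes` by hand; only truncate the real waldo with barnyard2 stopped, since it rewrites the bookmark as it reads.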

On Wed, Jun 23, 2010 at 5:57 PM, Nick Moore <nmoore () sourcefire com> wrote:

JJ,

snort -i eth1 -c /etc/snort/snort.conf (pretty boring really)

barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w
/etc/snort/barnyard2.waldo

Nick


On Wed, Jun 23, 2010 at 6:50 PM, JJC <cummingsj () gmail com> wrote:

What are your runtime options to start each snort and by2?

On Wed, Jun 23, 2010 at 4:32 PM, Nick Moore <nmoore () sourcefire com> wrote:

All,

I'm having a problem with Barnyard putting data into MySQL. Snort is
seeing events and the log file is increasing, but no events have yet been
written to the database.

I've attached my snort.conf and barnyard2.conf. Based on the Snort screen
output below, I'm sure events are triggering:


===============================================================================
Action Stats:
ALERTS: 246
LOGGED: 246
PASSED: 0
=====================

I'm sure I'm overlooking something simple. If anyone can point me in the
right direction, it would be much appreciated.

Thanks!

--
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore () sourcefire com
IM    nickgmoore (Yahoo)
      nickgmoore38 (AIM)

   ,,_
  o"  )~   Sourcefire - The Creators of Snort
   ''''

www.sourcefire.com         www.snort.org



------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit.  See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
