Snort mailing list archives

Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..."


From: David Gullett <dgullett () symmetrixtech com>
Date: Thu, 26 Aug 2010 20:52:47 -0500

The '.' and ':' are functionally the same in the chown command...  At
least with the syntax in the guide.

John and I worked together and got his installation working.  It was an
issue with Barnyard2 not importing into MySQL.

Regards,

David Gullett | Symmetrix Technologies
dgullett () symmetrixtech com



-----Original Message-----
From: Billy Marshall <Billy.Marshall () state co us>
To: Jun Wan <junwei_wan () hotmail com>, snort-users () lists sourceforge net
Subject: Re: [Snort-users] FW: Snort 2.8.6 & Snort Report 1.3.1 with
"NoData..."
Date: Thu, 26 Aug 2010 07:51:23 -0600

As far as the chown command, yes, it is a typo.
However, file location is a matter of preference, and wherever the
config files live you need to match them with how snort/barnyard is
invoked. This could be a startup script or within the .conf files
themselves.
 
On the note that they fail to report, try:
mysql -usnort -p<your mysql password> -D snort -e "select count(*) from event"
 
Run this a few times; if the database grows, then either barnyard or snort
is logging.
Verify which by either commenting out
output unified2: filename <your file name>, limit 128
--- from snort.conf for barnyard logging
or
output database: log, mysql, user=snort password=<your password> dbname=snort host=localhost
--- from snort.conf for snort logging
 
Last, you may look in your log files where the alerts are kept to see if
they have proper ownership. I have noticed if I run snort as a different
user it creates an alert.xxx file with different ownership, and when I
start it with snort it gets hosed because of permissions. E.g., make sure
all log files for snort alerts are:
chown snort:snort <path to log files>
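
The two checks described in the message above (does the event table grow, and are the alert log files owned by the snort user), written as a script. This is an added example, not part of the original thread; the function names, the 10-second interval and the use of a [client] section in ~/.my.cnf for the password are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the thread's names: MySQL database
# "snort", table "event", account "snort". The client password is assumed to come
# from a [client] section in ~/.my.cnf rather than from -p on the command line.

# Row count of the event table, same query as in the thread.
event_count() {
    mysql -usnort -D snort -N -B -e "select count(*) from event"
}

# Run counter command $1 twice, $2 seconds apart.
# Returns 0 if the count grew, 1 if it did not, 2 if the counter command failed.
count_grew() {
    first=$($1) || return 2
    sleep "$2"
    second=$($1) || return 2
    [ "$second" -gt "$first" ]
}

# List entries under $1 that are not owned by user $2 and group $3.
# Returns 0 if ownership is consistent, 1 if not, 2 if find itself failed
# (for example an unknown user name or an unreadable directory).
wrong_owner() {
    bad=$(find "$1" \( ! -user "$2" -o ! -group "$3" \) -print 2>/dev/null) || return 2
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Runs only when a log directory is given: sh check.sh <path to log files>
if [ -n "${1:-}" ]; then
    if count_grew event_count 10; then
        echo "event table is growing: snort or barnyard is logging"
    else
        echo "event table did not grow in 10 seconds (or the query failed)"
    fi
    wrong_owner "$1" snort snort ||
        echo "ownership mismatch or check failed; expected snort:snort"
fi
```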
 
 

 
