Snort mailing list archives

Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..."


From: "Greg Lane" <greglane () laneconstinc com>
Date: Fri, 27 Aug 2010 08:16:50 -0500

This worked beautifully when I came in this morning.  I have snort report
and BASE up and running with Snort now but only on the main page so I'm
hoping I can get the other pages working correctly.  Looking at the command
now I can see how barnyard wasn't doing what it was supposed to do.  This is
awesome thanks for all the help.

Greg Lane
IT Manager
Lane Enterprises

Email:  greglane () laneconstinc com
Phone: (228)872-2414

-----Original Message-----
From: Jun Wan [mailto:junwei_wan () hotmail com] 
Sent: Thursday, August 26, 2010 11:36 PM
To: snort-users () lists sourceforge net
Cc: dgullett () symmetrixtech com
Subject: Re: [Snort-users] FW: Snort 2.8.6 & Snort Report 1.3.1 with
"NoData..."


Hi All,

Now Snort report 1.3.1 is working beautifully after I executed David's
instructions, please see the following:

jwan@snort03:~$ sudo /usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth0

jwan@snort03:~$ sudo /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo

Many thanks for David's help again.

Regards
 
John
From: dgullett () symmetrixtech com
To: snort-users () lists sourceforge net
Date: Thu, 26 Aug 2010 20:52:47 -0500
Subject: Re: [Snort-users] FW: Snort 2.8.6 & Snort Report 1.3.1 with
"NoData..."


The '.' and ':' are functionally the same in the chown command... At least
with the syntax in the guide.

John and I worked together and got his installation working. It was an issue
with Barnyard2 not importing into MySQL.

Regards,

David Gullett | Symmetrix Technologies
dgullett () symmetrixtech com

-----Original Message-----
From: Billy Marshall <Billy.Marshall () state co us>
To: Jun Wan <junwei_wan () hotmail com>, snort-users () lists sourceforge net
Subject: Re: [Snort-users] FW: Snort 2.8.6 & Snort Report 1.3.1 with
"NoData..."
Date: Thu, 26 Aug 2010 07:51:23 -0600

As far as the chown command, yes, it is a typo. However, file location is a
matter of preference and wherever the config files live you need to match
them with how snort/barnyard is invoked. This could be a startup script or
within the .conf files themselves. On the note that they fail to report, try:

mysql -usnort -p<your mysql password> -D snort -e "select count(*) from event"

Run this a few times; if the database grows then either barnyard or snort is
logging. Verify which by either commenting out

output unified2: filename <your file name>, limit 128

from snort.conf for barnyard logging, or

output database: log, mysql, user=snort password=<your password> dbname=snort host=localhost

from snort.conf for snort logging. Last you may look in your log files where
the alerts are kept to see if they are proper ownership. I have noticed if I
run snort as a different user it creates an alert.xxx file with different
ownership and when I start it with snort it gets hosed because of permissions.
E.g. make sure all log files for snort alerts are:

chown snort:snort <path to log files>
------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users
worldwide. Take advantage of special opportunities to increase revenue and
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
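The two checks Billy describes above (does the MySQL event table grow between samples, and are the alert/unified2 files owned by the account snort and barnyard2 run as) are easy to script so they can be re-run after every config change. The following is an added example, not code from the thread or from the Snort/Barnyard2 projects. It assumes the database is named snort with an event table, that both daemons run as user and group snort, and that the log directory is /var/log/snort; the MySQL password is read from MYSQL_PWD or ~/.my.cnf rather than passed with -p on the command line, where it would be visible to every local user in the process list.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: database "snort",
# table "event", daemon account snort:snort, log directory /var/log/snort.

# One sample of the event count. -N -s print just the number; the
# password must come from MYSQL_PWD or ~/.my.cnf, not from the command line.
event_count() {
    mysql -u "${SNORT_DB_USER:-snort}" -D "${SNORT_DB:-snort}" -N -s \
        -e 'select count(*) from event'
}

# compare_counts BEFORE AFTER
# Returns 0 (and says so) when the table grew, 1 when it did not.
compare_counts() {
    before=$1
    after=$2
    if [ "$after" -gt "$before" ]; then
        echo "event table grew by $((after - before)) rows: snort or barnyard2 is writing to MySQL"
        return 0
    fi
    echo "event table did not grow ($before -> $after): nothing is writing to MySQL"
    return 1
}

# wrong_owner DIR USER GROUP
# Lists every file directly under DIR whose owner is not USER:GROUP.
# Returns 0 when all files are owned correctly, 1 otherwise.
# (stat -c is GNU coreutils syntax; BSD/macOS stat uses -f.)
wrong_owner() {
    dir=$1
    want="$2:$3"
    bad=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        have=$(stat -c '%U:%G' "$f")
        if [ "$have" != "$want" ]; then
            echo "$f is owned by $have, expected $want"
            bad=1
        fi
    done
    return $bad
}

# Typical use on the sensor (uncomment to run):
#   a=$(event_count); sleep 60; b=$(event_count)
#   compare_counts "$a" "$b"
#   wrong_owner /var/log/snort snort snort
```

Run the count comparison once with the unified2 output commented out in snort.conf and once with the database output commented out, as Billy suggests, and the pair of results tells you which of the two daemons is actually reaching MySQL. The ownership check covers only the top level of the log directory, which is where Snort drops alert files and unified2 spool files by default.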





