Snort mailing list archives

Re: Snort not generating alerts


From: Peter Bates <peter.bates () ucl ac uk>
Date: Fri, 13 Jul 2012 09:21:48 +0100

Hello all

On 13/07/2012 07:21, Pratik Narang wrote:
And as far as the (a) to (e) steps are concerned, yes I have
tried that... but stuck with the corrupt/truncated waldo file
warning...

You shouldn't necessarily have to touch the waldo file when you're
starting up.

As Ian has commented earlier on the list:

"
--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/usr/local/snort/etc/barnyard2.conf"
Log directory = /var/log/barnyard2
"

If you're writing your unified2 files to one directory and barnyard2
is looking in an entirely different directory then you won't get any
alerts (into MySQL).

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT
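
The directory mismatch described in the message above can be checked mechanically. The following is an added example, not part of the original post or of Snort/barnyard2: it compares where Snort writes its unified2 files (snort.conf plus the -l option) with the spool directory and base name given to barnyard2 (-d and -f). The function names, the sample snort.conf and both command lines are constructed for illustration, and it assumes that -l on the command line overrides "config logdir".

```python
import re
import shlex
from pathlib import PurePosixPath

def _opt(argv, flag):
    """Value following `flag` on a command line, or None."""
    args = shlex.split(argv)
    return args[args.index(flag) + 1] if flag in args[:-1] else None

def snort_unified2_path(snort_conf, snort_argv):
    """Full base path Snort writes unified2 files to, or None if not configured."""
    logdir, base = "/var/log/snort", None      # Snort's default log directory
    for raw in snort_conf.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        m = re.match(r"config\s+logdir\s*:\s*(\S+)", line)
        if m:
            logdir = m.group(1)
        m = re.match(r"output\s+(?:alert_|log_)?unified2\s*:\s*(.*)", line)
        if m:
            for option in m.group(1).split(","):
                words = option.split()
                if len(words) == 2 and words[0] == "filename":
                    base = words[1]
    logdir = _opt(snort_argv, "-l") or logdir  # assumed: -l overrides config logdir
    return PurePosixPath(logdir) / base if base else None

def spool_problems(snort_conf, snort_argv, barnyard2_argv):
    """List the ways barnyard2's -d/-f disagree with where Snort writes."""
    written = snort_unified2_path(snort_conf, snort_argv)
    if written is None:
        return ["snort.conf has no unified2 output with a filename"]
    spool_dir, spool_base = _opt(barnyard2_argv, "-d"), _opt(barnyard2_argv, "-f")
    problems = []
    if spool_dir is None or PurePosixPath(spool_dir) != written.parent:
        problems.append(f"snort writes to {written.parent}, barnyard2 -d is {spool_dir}")
    if spool_base != written.name:
        problems.append(f"snort base name is {written.name}, barnyard2 -f is {spool_base}")
    return problems

# Constructed sample inputs (not taken from the thread).
SNORT_CONF = """
config logdir: /var/log/snort
output unified2: filename snort.u2, limit 128
"""
SNORT_ARGV = "snort -c /usr/local/snort/etc/snort.conf -i eth0"
BARNYARD2_ARGV = ("barnyard2 -c /usr/local/snort/etc/barnyard2.conf "
                  "-d /var/log/barnyard2 -f snort.u2 -w /var/log/barnyard2/barnyard2.waldo")

print(spool_problems(SNORT_CONF, SNORT_ARGV, BARNYARD2_ARGV))
```

An empty list means barnyard2 is reading the same directory and base file name that Snort writes.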

