Snort mailing list archives

Snort / Barnyard2 Issues - 2


From: AllowOverride <allowoverride () gmail com>
Date: Fri, 05 Oct 2012 13:45:02 -0700

Here are all my configs for the 6 programs in question minus base-1.4.5
configs, not there yet.

Please take a look and let me know where I have made mistakes. Thanks in
advance.

I am also interested:

/usr/local/bin/snort -A fast -q -u snort -g snort \
-c /etc/snort/etc/snort.conf -i eth0

or

/usr/local/bin/snort -A console -q -u snort -g snort \
-c /etc/snort/etc/snort.conf -i eth0

I am seeing pings from defined test rule for local.rules working only,
and not the snort.rules. snort.rules was updated by pp.pl successfully,
however, the only way snort outputs anything in logs or on console per
those cmds above works ONLY when I cat snort.rules >> local.rules, or
simply by local.rules itself. I notice in the Howtos, they stated to #
$RULES all of them except local.rules in snort.conf. I assume for
testing, but the new snort way says only one large rules file, i.e.
snort.rules.

I am trying to log info first to mysql, and from there other progs like
base and snortreports and jpgraph will display from mysql data.

Right now, snort works - sorta, in that it is creating a unified2 output
file in /var/log/snort.log.xxxx but is not able to be input to the db
via barnyard2. I am just using a simple fast logger to mysql process,
that's it, at the moment.

I have included all my .confs in CONFS.tar.gz attached. PLEASE take a
gander, say whatever you wish, I really appreciate the help and input.

Sorry for sloppy format of all my emails, I'm trying to make it simple,
sometimes that's hard.

I will be back in a few hours, I need a break..
to see any findings...

Please ask for any input I can give you, where things are, so forth so
on, I will answer as quickly as possible.

Thank you!!

Attachment: CONFS.tar.gz
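
One way to check which rule files and output plugins a snort.conf actually enables, as an added example that is not part of the original post. The sample config is constructed, not taken from the attached CONFS.tar.gz, and the names audit_conf and not_loaded are hypothetical.

```python
import re

# Constructed sample snort.conf fragment: only local.rules is uncommented.
SAMPLE_CONF = """\
var RULE_PATH /etc/snort/rules
ipvar HOME_NET any
output unified2: filename snort.log, limit 128
include $RULE_PATH/local.rules
# include $RULE_PATH/snort.rules
#include $RULE_PATH/attack-responses.rules
include classification.config
"""

VAR_RE = re.compile(r"^\s*(?:var|ipvar|portvar)\s+(\S+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^\s*(#*)\s*include\s+(\S+\.rules)\s*$")
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)")


def audit_conf(text):
    """Split rule includes into active and commented-out; list output plugins."""
    variables, active, commented, outputs = {}, [], [], []
    for line in text.splitlines():
        m = VAR_RE.match(line)
        if m:
            variables[m.group(1)] = m.group(2)
            continue
        m = INCLUDE_RE.match(line)
        if m:
            # Expand $NAME using variables defined earlier in the file.
            path = re.sub(r"\$(\w+)",
                          lambda v: variables.get(v.group(1), v.group(0)),
                          m.group(2))
            (commented if m.group(1) else active).append(path)
            continue
        m = OUTPUT_RE.match(line)
        if m:
            outputs.append(m.group(1))
    return {"active": active, "commented": commented, "outputs": outputs}


def not_loaded(report, expected=("snort.rules", "local.rules")):
    """Return the expected rule files that no active include line loads."""
    loaded = {p.rsplit("/", 1)[-1] for p in report["active"]}
    return [name for name in expected if name not in loaded]


if __name__ == "__main__":
    report = audit_conf(SAMPLE_CONF)
    print(report)
    print("expected but not loaded:", not_loaded(report))
```

To run it against a real file, pass the contents of snort.conf to audit_conf in place of SAMPLE_CONF.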