Re: Snort Install successful - Need a proper database

[waldo kitty <wkitty42 () windstream net>]

On 11/20/2012 13:35, k vijay sai prashanth wrote:
> Hey Waldo,
>
> I've installed snort and Barnyard2 and mysql. how do I run all of them and get
> them to work and know if they're linked?

each is a separate process so each is started on its own... you already have 
snort working, right? if not, then stop and get snort working first...

if snort is working, the next step would be to get the database operational... 
yes, this seems out of order as snort is one end of the line and the database is 
the other end but both have to be working before BY2 can enter the fray and move 
the data from snort to the database...

in getting BY2 working, its operations configuration process tells what it looks 
for (unified2 log file and file name) from snort and what it needs to access the 
database (database server address, username, password, table name prefix??)... 
you should already have followed the directions for creating the necessary 
database tables for BY2 to use...

if snort is working, check the BY2 log file(s) to see that it is properly 
reading the snort unified2 log file... also check that it can properly access 
the database to inject the data... if this is all working, the next step would 
be to query the database... just something simple to ensure that you can get the 
data from those tables that BY2 should be writing to...

if all of that works, then it is all working and you only need some front end to 
read the data in the database and correlate it for you...

NOTE: i've not actually performed the BY2 steps on any of my systems at this 
time... i do have numerous snort installs working as well as numerous database 
installs that work... i on;y need to see if i can get BY2 into the closed 
environment we use and that's going to be the hardest part i think...

> Regards,
> Prashanth
>
>
> On Tue, Nov 20, 2012 at 3:13 AM, waldo kitty <wkitty42 () windstream net
> <mailto:wkitty42 () windstream net>> wrote:
>
>     On 11/19/2012 14:38, k vijay sai prashanth wrote:
>      > Hello Team,
>      >
>      > Please help me on this. I am close to completing my installation of
>     snort. I can
>      > feel it. Also if someone can tell me the relevance of Barnyard2. Everyone
>     seems
>      > to be discussing about this. How does it help me. Does it help me
>     interpret the
>      > logs of snort?
>
>     as discussed in this thread -> Snortsam patch for 2.9.3.1 <- as a thread drift
>     instigated by me, barnyard2 takes the output from snort and converts it to
>     numerous other output formats so that snort can perform the busy job of sniffing
>     the traffic and not having to worry about getting the output to the
>     destination... snort writes the files that barnyard2 reads... then barnyard2
>     handles getting the data into databases or feeding it to front ends... barnyard2
>     can take all the time it needs while snort keeps on snorting and logging without
>     slowing down...
>
>            snort -> by2_input_files -> by2 -> database
>
>     as for installing a database and creating the tables, install mysql and
>     barnyard2... in the barnyard2 installation stuff, there will be something
>     describe and possibly even create the tables you will need... from there, you
>     can then choose what front end you want to use to peruse the data generated...
>
>     personally, i'm this || close to taking the plunge and seeing what i can break
>     in the closed environment we use over here ;)



------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!