Snort mailing list archives

Re: Snort Install successful - Need a proper database


From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 21 Nov 2012 13:20:20 -0500

On 11/21/2012 12:18, k vijay sai prashanth wrote:
> All resolved now. Each time I start barnyard2 the events count is incremented.
> So barnyard2 is feeding the events from snort to the mysql database. Thanks Ron.
> Appreciate the advice. Sadly I am not sure which of the steps rectified the issue.
>
> The following are the changes I made which caused the installation to be successful:
>
> 1. output alert_fast to output alert_fast: stdout.
> 2. change in barnyard.conf
> 3. Did a make clean on the barnyard2 installation and then did the ./configure --with-mysql.
> 4. changed the variables config hostname from thor to localhost.

ahhh... if thor is the name of the host machine that the database and 
barnyard2 live on, then i would say that the problem was your mysql is/was not 
configured to look for connections on all interfaces... by default, mysql allows 
only connections from localhost but this is easily changed :)

FWIW: your barnyard log file should have shown the attempts to connect to mysql 
on thor as failing if this was the problem...

> 5. And make sure when you run barnyard2 using the below command the snort
> process must already be running.

BY2 should be able to come up and execute while noticing that mysql is not 
available yet... it should then notice when mysql does become available... but 
for simplicity, on boot up i would start snort and mysql before starting BY2... 
maybe even looking for the PIDs of those tasks before starting BY2... both have 
to be running before BY2 can perform any /meaningful/ task(s)... ;)
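
The start-up ordering suggested in the reply above, as an added shell example that is not part of the original post: it checks the PIDs of Snort and MySQL before launching barnyard2. The pidfile paths, the 60-second timeout and the barnyard2 command line are assumptions to be adjusted for the host.

```shell
#!/bin/sh
# Added example: hold barnyard2 back until Snort and MySQL are running.
# ASSUMPTIONS: pidfile paths and the barnyard2 command line are placeholders
# for this sketch; set them to match the host (run as root at boot).
SNORT_PID=${SNORT_PID:-/var/run/snort_eth0.pid}
MYSQL_PID=${MYSQL_PID:-/var/run/mysqld/mysqld.pid}
BY2_CMD=${BY2_CMD:-"barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo"}

# pid_alive FILE: succeed only if FILE holds the PID of a live process.
pid_alive() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) return 1 ;;  # empty or non-numeric: treat as stale
    esac
    # kill -0 sends no signal; it only tests that the PID exists.
    kill -0 "$pid" 2>/dev/null
}

# wait_for NAME FILE TIMEOUT: poll once a second until the pidfile is live.
wait_for() {
    waited=0
    until pid_alive "$2"; do
        if [ "$waited" -ge "$3" ]; then
            echo "$1 not running after ${3}s, giving up" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    echo "$1 is up (pid $pid)"
}

# Only act when called as "script start", so the functions can be sourced.
if [ "${1:-}" = "start" ]; then
    wait_for snort  "$SNORT_PID" 60 || exit 1
    wait_for mysqld "$MYSQL_PID" 60 || exit 1
    # Unquoted on purpose: BY2_CMD is split into command and arguments.
    exec $BY2_CMD
fi
```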
