Snort mailing list archives

Problem showing traffic on BASE


From: Bouchra Badri <bouchra.badri () gmail com>
Date: Sun, 17 Feb 2013 12:13:50 +0000

Hello,
I'm sorry if I'm on the wrong mailing list, I hope you still can help me.
I have followed a tutorial about snort installation at the end of which I
was able to log alerts, visible in /var/log/snort/alert.
Running snort creates a /var/log/snort/snort.logxxxxxxxxx; the waldo file
is created afterwards using the same file - I can't really know what's in
it (binary).
snort.conf has unified2 as output, barnyard has it as input, the output
being the mysql database.
When I run both snort and barnyard2, nothing happens in BASE.
I see Sensors/Total: 0/2, so there must be something, just not detected...

My question is, how can I add more sensors in BASE?
How do I get it to show me the traffic?

Is there something else I should do? Like mirroring the traffic?
PS: this command: iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.90 --tee
doesn't work for me (something about multiple -j flags not allowed), which
I don't quite get.



Here is the output from Barny:
------------------------
database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM data WHERE sid='2';]
database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM event WHERE sid='2';]
database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM icmphdr WHERE sid='2';]
database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM iphdr WHERE sid='2';]
database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM opt WHERE sid='2';]
database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM tcphdr WHERE sid='2';]
database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM udphdr WHERE sid='2';]
[SignatureReferencePullDataStore()]: No Reference found in database ...
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = snort
database:  database name = snort
database:    sensor name = localhost:eth0
database:      sensor id = 2
database:     sensor cid = 4
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.11 (Build 320)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2012 Ian Firns <firnsy () securixlive com>

Using waldo file '/var/log/snort/barnyard2.waldo':
    spool directory = /var/log/snort
    spool filebase  = snort.log
    time_stamp      = 1361058230
    record_idx      = 0
Opened spool file '/var/log/snort/snort.log.1361101614'
Waiting for new data
----------------------------------------------------------

Please??
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
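The barnyard2 banner in the post ends with `record_idx = 0` and `Waiting for new data`, meaning barnyard2 has opened the spool file and reached its end without having processed a single record. Before looking at the database side, it is worth confirming that the unified2 spool file actually contains alert records for barnyard2 to insert. The script below is an added example, not code from the original post, from Snort or from barnyard2; it walks a unified2 file using the record layouts from Snort's Unified2_common.h (8-byte big-endian record header, the 52-byte legacy IPv4 IDS event, type 7, and the packet record, type 2) and reports how many records of each type it found, the gid:sid:rev of each event, and how many bytes at the tail do not form a complete record (a partially written record is normal while Snort is still running). The sample spool bytes, sensor id, timestamps and addresses are constructed here for illustration.

```python
"""Inspect a Snort unified2 spool file and report what a reader such as barnyard2 would find."""
import struct
import sys
from collections import Counter

# Record types from Snort's Unified2_common.h (only the two used here)
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7            # legacy IPv4 event, 52-byte body

RECORD_HDR = struct.Struct("!II")      # record type, body length (network byte order)
IDS_EVENT = struct.Struct("!11I2H4B")  # Serial_Unified2IDSEvent_legacy, 52 bytes
PACKET_HDR = struct.Struct("!7I")      # Serial_Unified2Packet header, payload follows

EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)


def parse_unified2(data):
    """Return ([(record_type, body), ...], bytes_consumed).

    Stops at the first record whose declared length runs past the end of the
    buffer; that tail is what a spool reader would wait on for more data.
    """
    records = []
    off = 0
    while off + RECORD_HDR.size <= len(data):
        rtype, length = RECORD_HDR.unpack_from(data, off)
        end = off + RECORD_HDR.size + length
        if end > len(data):
            break  # incomplete record: still being written, or truncated
        records.append((rtype, data[off + RECORD_HDR.size:end]))
        off = end
    return records, off


def decode_event(body):
    """Decode a type-7 event body into a dict keyed by the Snort field names."""
    return dict(zip(EVENT_FIELDS, IDS_EVENT.unpack_from(body)))


def summarize(data):
    """Counts per record type, gid:sid:rev of every event, and the unparsed tail."""
    records, consumed = parse_unified2(data)
    signatures = [
        (ev["generator_id"], ev["signature_id"], ev["signature_revision"])
        for rtype, body in records
        if rtype == UNIFIED2_IDS_EVENT and len(body) >= IDS_EVENT.size
        for ev in (decode_event(body),)
    ]
    return {
        "records": len(records),
        "by_type": dict(Counter(rtype for rtype, _ in records)),
        "signatures": signatures,
        "consumed": consumed,
        "trailing_bytes": len(data) - consumed,
    }


# --- constructed sample data (not captured from a real sensor) ---------------

def ip2int(dotted):
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")


def build_event(sensor_id, event_id, sec, gid, sid, rev, src, dst, sport, dport, proto):
    body = IDS_EVENT.pack(sensor_id, event_id, sec, 0, sid, gid, rev, 0, 1,
                          src, dst, sport, dport, proto, 0, 0, 0)
    return RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(body)) + body


def build_packet(sensor_id, event_id, sec, payload):
    # linktype 1 = Ethernet; packet_second/microsecond set equal to the event time
    body = PACKET_HDR.pack(sensor_id, event_id, sec, sec, 0, 1, len(payload)) + payload
    return RECORD_HDR.pack(UNIFIED2_PACKET, len(body)) + body


SRC, DST = ip2int("192.168.1.10"), ip2int("192.168.1.90")
SAMPLE_SPOOL = (
    build_event(1, 1, 1361101614, 1, 1000001, 1, SRC, DST, 40000, 22, 6)
    + build_packet(1, 1, 1361101614, b"\x00" * 60)
    + build_event(1, 2, 1361101620, 1, 1000002, 1, SRC, DST, 40001, 80, 6)
    + build_packet(1, 2, 1361101620, b"\x00" * 60)
    # a third event whose header claims 52 bytes but only 20 have been written
    + RECORD_HDR.pack(UNIFIED2_IDS_EVENT, 52) + b"\x00" * 20
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SPOOL
    print(summarize(data))
```

Run it as `python unified2_check.py /var/log/snort/snort.log.1361101614` (hypothetical script name) to see whether the file the banner says it opened holds any type-7 records at all; with no argument it summarizes the constructed sample. A result of zero records with a non-zero file size points at the sensor side (Snort not alerting, or writing a different spool than barnyard2 is reading), whereas records present but nothing in BASE points at the barnyard2-to-database path.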