Snort mailing list archives

Previous By Date Next
Previous By Thread Next

I have a problem snort. Barnyard2 doesn't write log file to mysql. PLS HELP ME!!!

From: Serikjan Nurgaiv <n.seka_91 () yahoo com>
Date: Wed, 4 Sep 2013 21:44:37 -0700 (PDT)
When i start my services (snort, mysql, http, barnyard2) start 
fine.  In my log file (var/log/snort) written alerts. But in my database (mysql) empty.
I can see the alerts
                            
    
  
[root@localhost Desktop]# vi /usr/local/snort/etc/snort.conf 

var RULE_PATH /usr/local/snort/rules
var SO_RULE_PATH /usr/local/snort/so_rules
var PREPROC_RULE_PATH /usr/local/snort/preproc_rules


# If you are using reputation preprocessor set these
# Currently there is a bug with relative paths, they are relative to where snort is
# not relative to snort.conf like the above variables
# This is completely inconsistent with how other vars work, BUG 89986
# Set the absolute path appropriately
var WHITE_LIST_PATH /usr/local/snort/rules
var BLACK_LIST_PATH /usr/local/snort/rules
var CONF_PATH /usr/local/etc/snort
var LIB_PATH /usr/local/lib
var SORULE_PATH $CONF_PATH/so_rules

[root@localhost Desktop]# vi /etc/snort/barnyard.conf

output unified2: filename snort.u2, limit 128

config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.
config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
config hostname: localhost
config interface: eth0
output database: log, mysql, user=snort password=snort dbname=snort host=localhost

But my database is empty
mysql> use snort;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select * from event;
Empty set (0.00 sec)

mysql> 

And I configure BASE SYSTEM. Also can't connect mysql.
------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. Consolidate legacy IT systems to a single system of record for IT
2. Standardize and globalize service processes across IT
3. Implement zero-touch automation to replace manual, redundant tasks
http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: