Snort mailing list archives

Barnyard2 doesn't read alerts


From: Daniele Gallarato <daniele.gallarato () email it>
Date: Thu, 13 Feb 2014 17:08:58 +0100

Hello.
I've installed snort with barnyard2 (which logs into mysql) and aanval, but I
can't view any alerts.
I've searched the Internet for some days, but with no luck.
My installation is on Ubuntu 12.04.4 LTS.
Snort version is 2.9.6.0 GRE (Build 47).
Barnyard2 is 2.1.9 (Build 263).

In snort.conf I've configured:

output unified2: filename snort.log, limit 128

Barnyard2 runs as:

barnyard2 -D -c /etc/snort/barnyard.conf -d /var/log/snort/eth1 -w /var/log/snort/eth1/barnyard2.waldo -l /var/log/snort/eth1 -a /var/log/snort/eth1/archive -f snort.log -X /var/lock/barnyard2-eth1.pid

If I start barnyard2 interactively, I get:

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard.conf"
Log directory = /var/log/snort/eth1
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = snort
database:  database name = snortdb
database:    sensor name = snort:eth1
database:      sensor id = 2
database:     sensor cid = 1
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.9 (Build 263)
 |o"  )~|  By the SecurixLive.com Team: http://www.securixlive.com/about.php
 + '''' +  (C) Copyright 2008-2010 SecurixLive.

           Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.

WARNING: Unable to open waldo file '/var/log/snort/eth1/barnyard2.waldo' (No such file or directory)
Opened spool file '/var/log/snort/eth1/snort.log.1392303363'
Waiting for new data


The folder /var/log/snort/eth1/ has the right permissions, and the problem
also remains at the second start.

snort.log.xx is populated properly by snort.

The mysql db is OK; if I change the user or password in the barnyard2
configuration, it stops with an error.


Any suggestions will be appreciated.


Daniele Gallarato