Snort mailing list archives

Re: Install Snort on Ubuntu with mysql and SnortReports
From: "Castle, Shane" <scastle () bouldercounty org>
Date: Wed, 10 Nov 2010 09:10:33 -0700

Hard to say. We'd have to look at your (snort|barnyard).conf files.
Also, all the junk you are putting on the command line for the barnyard
options can be put into a config file. Look at this from one of my
barnyard2 config files (some info deleted):

config logdir: /var/snort/barnyard-eth2
config waldo_file: /var/snort/barnyard-eth2/waldo
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:                /etc/snort/sid-msg.map
config sid_file:                /etc/snort/rules/emerging-sid-msg.map
config sid_file:                /etc/snort/local-sid-msg.map
config alert_with_interface_name
config alert_on_each_packet_in_stream
config daemon
config set_gid: IDS
config set_uid: snort
config decode_data_link
config dump_payload_verbose
config show_year
config umask: 002
config process_new_records_only
input unified2
output database: alert, mysql, dbname=XXXXXX user=XXXXXXXX host=localhost password=XXXXXXXX

-- 
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH
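A small parser and review pass for the directive format in the config file above, added here as an example (not code from this mail or from barnyard2); the sample config is constructed from that snippet with placeholder credentials, and the checks are my own reading of what a reviewer would look at in such a file (unprivileged uid/gid, umask, inline database credentials):

```python
# Constructed sample in the barnyard2.conf format from the mail (placeholder credentials).
SAMPLE_CONF = """\
config sid_file: /etc/snort/sid-msg.map
config sid_file: /etc/snort/rules/emerging-sid-msg.map
config daemon
config set_gid: IDS
config set_uid: snort
config umask: 002
input unified2
output database: alert, mysql, dbname=snortdb user=snortuser host=localhost password=PLACEHOLDER
"""

def parse_conf(text):
    """Collect 'config key: value', 'input name' and 'output plugin: args' lines."""
    config, inputs, outputs = {}, [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        kind, _, rest = line.partition(" ")
        if kind == "config":
            # Repeated directives (sid_file) accumulate; bare flags get value None.
            key, sep, value = rest.partition(":")
            config.setdefault(key.strip(), []).append(value.strip() if sep else None)
        elif kind == "input":
            inputs.append(rest.strip())
        elif kind == "output":
            plugin, _, args = rest.partition(":")
            outputs.append((plugin.strip(), args.strip()))
    return config, inputs, outputs

def database_params(args):
    """'alert, mysql, dbname=x user=y ...' -> (log_type, db_type, {key: value})."""
    log_type, db_type, kv_text = (p.strip() for p in args.split(",", 2))
    kv = dict(tok.split("=", 1) for tok in kv_text.split() if "=" in tok)
    return log_type, db_type, kv

def review(text):
    """Return the findings a reviewer would raise before deploying this file."""
    config, inputs, outputs = parse_conf(text)
    findings = []
    if "set_uid" not in config or "set_gid" not in config:
        findings.append("no set_uid/set_gid: barnyard2 keeps running as root")
    umask = (config.get("umask") or [None])[0]
    # Anything weaker than 0o?07 leaves the 'other' bits open on new log files.
    if umask is None or int(umask, 8) & 0o007 != 0o007:
        findings.append("umask %s leaves new log files readable by others" % umask)
    for plugin, args in outputs:
        if plugin == "database" and "password" in database_params(args)[2]:
            findings.append("database password stored inline: keep this file mode 0600")
    return findings
```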

-----Original Message-----
From: Atkins, Dwane P [mailto:ATKINSD () uthscsa edu] 
Sent: Wednesday, November 10, 2010 08:45
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Install Snort on Ubuntu with mysql and
SnortReports

I am still working at this.

I am not sure I am reporting to the mysql database at this point.

Is this proper:

snorttest () Wilbur:~$ ps -aux | grep snort

Warning: bad ps syntax, perhaps a bogus '-'? See
http://procps.sf.net/faq.html

snort     1681  0.0  4.0 188532 126048 ?       Ss   Nov09   0:02
/usr/local/snort/bin/snort -D -u snort -g snort -c
/usr/local/snort/etc/snort.conf -i eth0

root      1683  0.0  0.0   5324  1244 ?        Ss   Nov09   0:02
/usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G
/usr/local/snort/etc/gen-msg.map -S /usr/local/snort/sid-msg.map -d
/var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -D

root      2236  0.0  0.1   8936  3124 ?        Ss   09:28   0:00 sshd:
snorttest [priv]

1000      2308  0.0  0.0   8936  1520 ?        S    09:28   0:00 sshd:
snorttest () pts/0

1000      2362  0.0  0.0   4012   756 pts/0    S+   09:43   0:00 grep
--color=auto snort


I just need to see some packets in the mysql dump.  Any help would be
appreciated at this point.

Thank you all for your help yesterday.

Dwane

