
Snort mailing list archives

Re: Install Snort on Ubuntu with mysql and SnortReports
From: "Atkins, Dwane P" <ATKINSD () uthscsa edu>
Date: Wed, 10 Nov 2010 12:14:21 -0600

If I do a ps -A | grep barnyard, I do not see any processes.  Should it be running?


-----Original Message-----
From: Castle, Shane [mailto:scastle () bouldercounty org] 
Sent: Wednesday, November 10, 2010 10:11 AM
To: Atkins, Dwane P; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Install Snort on Ubuntu with mysql and SnortReports

Hard to say. We'd have to look at your (snort|barnyard).conf files.
Also, all the junk you are putting on the command line for the barnyard
options can be put into a config file. Look at this from one of my
barnyard2 config files (some info deleted):

config logdir: /var/snort/barnyard-eth2
config waldo_file: /var/snort/barnyard-eth2/waldo
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:                /etc/snort/sid-msg.map
config sid_file:                /etc/snort/rules/emerging-sid-msg.map
config sid_file:                /etc/snort/local-sid-msg.map
config alert_with_interface_name
config alert_on_each_packet_in_stream
config daemon
config set_gid: IDS
config set_uid: snort
config decode_data_link
config dump_payload_verbose
config show_year
config umask: 002
config process_new_records_only
input unified2
output database: alert, mysql, dbname=XXXXXX user=XXXXXXXX host=localhost password=XXXXXXXX

Shane Castle
Data Security Mgr, Boulder County IT

-----Original Message-----
From: Atkins, Dwane P [mailto:ATKINSD () uthscsa edu] 
Sent: Wednesday, November 10, 2010 08:45
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Install Snort on Ubuntu with mysql and

I am still working at this.  


I am not sure I am reporting to the mysql database at this point.


Is this proper:


snorttest () Wilbur:~$ ps -aux | grep snort

Warning: bad ps syntax, perhaps a bogus '-'? See

snort     1681  0.0  4.0 188532 126048 ?       Ss   Nov09   0:02
/usr/local/snort/bin/snort -D -u snort -g snort -c
/usr/local/snort/etc/snort.conf -i eth0

root      1683  0.0  0.0   5324  1244 ?        Ss   Nov09   0:02
/usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G
/usr/local/snort/etc/gen-msg.map -S /usr/local/snort/sid-msg.map -d
/var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -D

root      2236  0.0  0.1   8936  3124 ?        Ss   09:28   0:00 sshd:
snorttest [priv]

1000      2308  0.0  0.0   8936  1520 ?        S    09:28   0:00 sshd:
snorttest () pts/0

1000      2362  0.0  0.0   4012   756 pts/0    S+   09:43   0:00 grep
--color=auto snort


I just need to see some packets in the mysql dump.  Any help would be
appreciated at this point.


Thank you all for your help yesterday.
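Shane's point above is that the barnyard2 options can live in barnyard2.conf; as an added example, not code from the thread or the barnyard2 project, here is a small Python checker that parses those config/input/output directives and flags the conditions this thread turns on: a daemon with no set_uid/set_gid that keeps running as root (the ps output shows barnyard2 as root while snort dropped to the snort user), no output database line, and a database password sitting in a group- or world-readable file. The sample config, user, dbname and permission modes are constructed; the line format assumed is `config name: value`, `input name` and `output plugin: args`, as in the excerpt.

```python
import os
import stat

# Constructed sample modelled on the barnyard2.conf excerpt in the thread
# (credentials and database name are placeholders, not real values).
SAMPLE_CONF = """\
config logdir: /var/snort/barnyard-eth2
config waldo_file: /var/snort/barnyard-eth2/waldo
config daemon
config set_gid: IDS
config set_uid: snort
config umask: 002
config process_new_records_only
input unified2
output database: alert, mysql, dbname=snort user=by2 host=localhost password=PLACEHOLDER
"""


def parse_barnyard2_conf(text):
    """Split barnyard2.conf text into config directives, inputs and outputs.
    configs maps directive name -> list of values ('' for flag directives)."""
    configs, inputs, outputs = {}, [], []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)           # keyword, then the rest of the line
        kind, rest = parts[0], (parts[1] if len(parts) > 1 else '')
        if kind == 'config':
            name, _, value = rest.partition(':')
            configs.setdefault(name.strip(), []).append(value.strip())
        elif kind == 'input':
            inputs.append(rest.strip())
        elif kind == 'output':
            plugin, _, args = rest.partition(':')
            outputs.append((plugin.strip(), args.strip()))
    return configs, inputs, outputs


def check_conf(configs, inputs, outputs, conf_mode=0o600):
    """Return a list of findings; conf_mode is the permission bits of the file."""
    findings = []
    if 'daemon' in configs and not ('set_uid' in configs and 'set_gid' in configs):
        findings.append('daemon without set_uid/set_gid keeps running as root')
    if 'waldo_file' not in configs:
        findings.append('no waldo_file: cannot resume after a restart')
    if 'unified2' not in inputs:
        findings.append('no "input unified2": snort spool files will not be read')
    if not any(plugin == 'database' for plugin, _ in outputs):
        findings.append('no "output database": nothing reaches mysql')
    elif any('password=' in args for plugin, args in outputs if plugin == 'database') \
            and conf_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append('database password in a group/world-readable config file')
    return findings


def check_conf_file(path):
    """Lint a real barnyard2.conf on disk, using its actual permission bits."""
    with open(path) as fh:
        mode = stat.S_IMODE(os.fstat(fh.fileno()).st_mode)
        return check_conf(*parse_barnyard2_conf(fh.read()), conf_mode=mode)
```

Run `check_conf_file('/usr/local/snort/etc/barnyard2.conf')` on the host to lint the live file; an empty list means none of the checked problems are present.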

