Home page logo
/

snort logo Snort mailing list archives

mysql error and sensor name
From: Balla István <balla.bmf () gmail com>
Date: Thu, 9 May 2013 13:26:26 +0200

I m not familiar at all with mysql and found some problem (first 3 lines)
related to it when started barnyard2 with:* /usr/local/bin/barnyard2 -c
/usr/local/snort/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w
/var/log/snort/barnyard2.waldo*


*database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM
icmphdr WHERE sid='3';]
database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM
udphdr WHERE sid='3';]
[SignatureReferencePullDataStore()]: No Reference found in database ...
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = root
database:  database name = snort
database:    sensor name = localhost:eth3
database:      sensor id = 3
database:     sensor cid = 1119
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility*

In barnyard2.conf I have* config hostname: localhost* and *config
interface: eth3*
As you can see it made sensor name from these. Also in my barnyard2.conf
there s an entry:
*output alert_syslog_full: sensor_name ubuntu, server 10.10.10.2, protocol
udp, port 514, operation_mode default*

Should sensor_name be localhost:eth3 instead of ubuntu (which is the
hostname)?

Thanks
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and 
their applications. This 200-page book is written by three acclaimed 
leaders in the field. The early access version is available now. 
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault