Snort mailing list archives
Re: Where's Waldo?
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Tue, 09 Oct 2012 10:57:12 -0500
--On October 9, 2012 8:36:25 AM -0700 AllowOverride <allowoverride () gmail com> wrote:
> can someone help me: why is snort barnyard2 not logging to base-1.4.5 mysql db.?
Step 1: Get snort working
Step 2: Set up a database for barnyard2 to write to
Step 3: Set up barnyard2 and verify that it's reading snort logs
Step 4: Verify that barnyard2 is writing to the database
Step 5: Verify that base can log in to the db and read the alerts

So - what are you logging with snort? Are the logs there? What format are they in? Does barnyard read that format?

All these pieces are independent of each other. Snort will happily log alerts all day long even if barnyard2 isn't installed. Barnyard2 will happily sit and wait forever to read a snort log that never shows up.

Break the problem down into components. Then verify each one before moving to the next one. Is snort working? Yes, no. If yes, move on. If no, troubleshoot. Rinse, lather, repeat.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very intelligent person could believe in them." George Orwell
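The verify-each-stage order from the reply above, as an added example that is not part of the original message: a shell script that checks the chain in pipeline order and names the first stage that fails. The log directory, log file prefix, database name and the use of `pgrep` and `~/.my.cnf` are assumptions; `event` is the alert table in the stock Snort MySQL schema.

```shell
#!/bin/sh
# Added example: stage-by-stage check of a snort -> barnyard2 -> MySQL chain.
# Assumed values (not from the thread): log directory, file prefix, DB name.
LOG_DIR="${LOG_DIR:-/var/log/snort}"
LOG_PREFIX="${LOG_PREFIX:-snort.log}"   # 'filename' used by snort's log output
DB_NAME="${DB_NAME:-snort}"

# Stages 1 and 3: are the two daemons alive at all?
snort_running()    { pgrep -x snort     >/dev/null 2>&1; }
barnyard_running() { pgrep -x barnyard2 >/dev/null 2>&1; }

# Stage 2: has snort written at least one non-empty log file?
# barnyard2 waits forever if this never becomes true.
logs_present() {
    for f in "$LOG_DIR/$LOG_PREFIX"*; do
        [ -s "$f" ] && return 0
    done
    return 1
}

# Stage 4: has barnyard2 inserted any rows? Credentials are read from
# ~/.my.cnf; using the account BASE connects with also exercises its login.
db_has_events() {
    n=$(mysql -N -B -e 'SELECT COUNT(*) FROM event' "$DB_NAME" 2>/dev/null) || return 1
    [ "${n:-0}" -gt 0 ]
}

# Walk the stages in order and print the first one that fails, so the
# troubleshooting starts at the right component instead of at the far end.
first_broken_stage() {
    snort_running    || { echo "snort process";     return 1; }
    logs_present     || { echo "snort log files";   return 1; }
    barnyard_running || { echo "barnyard2 process"; return 1; }
    db_has_events    || { echo "database rows";     return 1; }
    echo "none"
}

# Invoke as: sh check_chain.sh run
case "${1:-}" in
    run) first_broken_stage ;;
esac
```

A result of `database rows` with both processes up and log files present points at the barnyard2 input and output configuration rather than at snort or BASE.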
