Snort mailing list archives

Re: AANVAL or MYSQL question


From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 21 Apr 2014 20:20:40 -0400

On 4/21/2014 1:54 PM, Gierczak, Stan wrote:
> Like I said.  You are losing me a little.  I am running barnyard as a startup when the system comes up, or by:
> service barnyard2 start/stop

ok... that helps... the only other thing is what the barnyard2 startup script 
does BUT we shouldn't need that at this time...

> I believe that all the configuration then comes from the /usr/local/etc/barnyard2.conf.
> In that file are the following which are uncommented:
> config reference_file:      /etc/snort/reference.config
> config classification_file: /etc/snort/classification.config
> config gen_file:            /etc/snort/gen-msg.map
> config sid_file:            /etc/snort/sid-msg.map
> config daemon
> input unified2
> output alert_fast: stdout
> output database: log, mysql, user=snort_user password=snortuser dbname=snortdb host=localhost

> When I stop and start barnyard, the following gets generated in the syslog file:

AFAIK, that all looks good...

> Apr 21 12:44:08 rlicsnortids1 barnyard2[2014]: Running in Continuous mode
> [...]
> Apr 21 12:44:09 rlicsnortids1 barnyard2[2015]: Waiting for new data

this says that barnyard2 is waiting on snort to write data to the 
snort.log.xxxxxxxxxxxx pcap files... this i'm not sure about... a default snort 
creates pcap files with names like that but barnyard2 wants unified2 binary log 
files... so what does your snort.conf file's output section look like, please? 
there may be more than one entry... i forget what "Step" it is at the moment...

> Thanks for your help again.

all of us volunteers are here to help as and when we can ;)

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
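The reply above turns on one point: barnyard2's `input unified2` only consumes unified2 binary spool files, so if snort.conf's output section writes pcap (`log_tcpdump`) instead of `output unified2: filename ..., limit ...`, barnyard2 will sit at "Waiting for new data" forever. The following Python is an added example, not code from the thread or from the Snort/barnyard2 projects: it parses constructed snort.conf and barnyard2.conf fragments, reports the mismatch, and sniffs the first bytes of a `snort.log.*` file to tell a pcap global header (magic 0xa1b2c3d4 / 0xd4c3b2a1 in either byte order) from a unified2 record header (big-endian type and length). The sample configs, the placeholder password, and the sample file headers are all constructed here.

```python
import re
import struct

# Constructed sample configs (not the thread's own files). The barnyard2 output
# line carries database credentials in clear text, so the real file should be
# readable only by the user barnyard2 runs as; the password here is a placeholder.
SNORT_CONF_PCAP_ONLY = """
# output plugins
output log_tcpdump: snort.log
"""

SNORT_CONF_UNIFIED2 = """
output unified2: filename snort.log, limit 128
output alert_syslog: LOG_AUTH LOG_ALERT
"""

BARNYARD2_CONF = """
config daemon
input unified2
output alert_fast: stdout
output database: log, mysql, user=snort_user password=PLACEHOLDER dbname=snortdb host=localhost
"""


def directives(conf_text, keyword):
    """Return (name, args) for each uncommented '<keyword> name: args' line."""
    pattern = re.compile(r'^' + keyword + r'\s+(\w+)\s*:?\s*(.*)$')
    found = []
    for line in conf_text.splitlines():
        line = line.split('#', 1)[0].strip()          # drop comments and whitespace
        m = pattern.match(line)
        if m:
            found.append((m.group(1), m.group(2).strip()))
    return found


def unified2_output(snort_conf):
    """Parse 'output unified2: filename X, limit N' into a dict, or None if absent."""
    for name, args in directives(snort_conf, 'output'):
        if name != 'unified2':
            continue
        opts = {}
        for item in args.split(','):
            parts = item.split()
            if len(parts) == 2:                       # 'filename X' / 'limit N'
                opts[parts[0]] = parts[1]
        return {'filename': opts.get('filename'), 'limit': opts.get('limit')}
    return None


def check_pipeline(snort_conf, barnyard2_conf):
    """List reasons barnyard2 might never leave 'Waiting for new data'."""
    findings = []
    u2 = unified2_output(snort_conf)
    by_inputs = [name for name, _ in directives(barnyard2_conf, 'input')]
    if 'unified2' in by_inputs and u2 is None:
        outs = [name for name, _ in directives(snort_conf, 'output')] or ['(none)']
        findings.append('barnyard2 reads unified2 but snort.conf only has output plugins: '
                        + ', '.join(outs))
    elif u2 and not u2['filename']:
        findings.append('output unified2 has no filename argument')
    if not any(name == 'database' for name, _ in directives(barnyard2_conf, 'output')):
        findings.append('no "output database:" line in barnyard2.conf')
    return findings


# pcap global-header magics: microsecond and nanosecond variants, both byte orders.
PCAP_MAGICS = {0xa1b2c3d4, 0xd4c3b2a1, 0xa1b23c4d, 0x4d3cb2a1}
# unified2 record types: PACKET, IDS_EVENT, IDS_EVENT_IPV6, IDS_EVENT_V2,
# IDS_EVENT_IPV6_V2, EXTRA_DATA.
UNIFIED2_TYPES = {2, 7, 72, 104, 105, 110}


def sniff_log_format(header):
    """Classify the first 8+ bytes of a snort.log.* file: 'pcap', 'unified2' or 'unknown'."""
    if len(header) < 8:
        return 'unknown'
    if struct.unpack('>I', header[:4])[0] in PCAP_MAGICS:
        return 'pcap'
    rec_type, rec_len = struct.unpack('>II', header[:8])   # unified2 header is network byte order
    if rec_type in UNIFIED2_TYPES and 0 < rec_len < (1 << 20):
        return 'unified2'
    return 'unknown'


# Constructed sample file headers: a 24-byte pcap global header and one
# zero-filled UNIFIED2_IDS_EVENT (type 7) record with its 52-byte body.
SAMPLE_PCAP = struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
SAMPLE_U2 = struct.pack('>II', 7, 52) + bytes(52)

if __name__ == '__main__':
    print(check_pipeline(SNORT_CONF_PCAP_ONLY, BARNYARD2_CONF))
    print(check_pipeline(SNORT_CONF_UNIFIED2, BARNYARD2_CONF))
    print(sniff_log_format(SAMPLE_PCAP), sniff_log_format(SAMPLE_U2))
```

To apply it to a live sensor, feed `check_pipeline` the text of the real snort.conf and barnyard2.conf, and pass the first 8 bytes of the newest `snort.log.*` file in the spool directory to `sniff_log_format`; a result of `pcap` confirms the mismatch the reply describes.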

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
