[Snort-devel] I have a problem snort. Barnyard2 doesn't write log file to mysql. PLS HELP ME!!!
n.seka_91 at ...398...
Thu Sep 5 00:44:37 EDT 2013
When I start my services (snort, mysql, http, barnyard2), they start
fine. Alerts are written in my log file (var/log/snort). But my database (mysql) is empty.
I can see the alerts
[root at ...196... Desktop]# vi /usr/local/snort/etc/snort.conf
var RULE_PATH /usr/local/snort/rules
var SO_RULE_PATH /usr/local/snort/so_rules
var PREPROC_RULE_PATH /usr/local/snort/preproc_rules
# If you are using reputation preprocessor set these
# Currently there is a bug with relative paths, they are relative to where snort is
# not relative to snort.conf like the above variables
# This is completely inconsistent with how other vars work, BUG 89986
# Set the absolute path appropriately
var WHITE_LIST_PATH /usr/local/snort/rules
var BLACK_LIST_PATH /usr/local/snort/rules
var CONF_PATH /usr/local/etc/snort
var LIB_PATH /usr/local/lib
var SORULE_PATH $CONF_PATH/so_rules
[root at ...196... Desktop]# vi /etc/snort/barnyard.conf
output unified2: filename snort.u2, limit 128
config reference_file: /etc/snort/reference.config
config classification_file: /etc/snort/classification.
config gen_file: /etc/snort/gen-msg.map
config sid_file: /etc/snort/sid-msg.map
config hostname: localhost
config interface: eth0
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
But my database is empty
mysql> use snort;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
mysql> select * from event;
Empty set (0.00 sec)
And I configured the BASE system. Also can't connect to mysql.