[Snort-users] Remote sensor startup issue.

mdpeters michael.peters at ...10939...
Wed Feb 16 04:38:09 EST 2005


Thanks for the explanation. I did resolve the startup issue. Chalk it up to 
Fedora Core weirdness. I've built dozens of Snort boxes and this would be 
the very first startup script issue I have had.


----- Original Message ----- 
From: "Alex Butcher, ISC/ISYS" <Alex.Butcher at ...11254...>
To: "mdpeters" <michael.peters at ...10939...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Wednesday, February 16, 2005 5:15 AM
Subject: Re: [Snort-users] Remote sensor startup issue.


>
>
> --On 15 February 2005 08:12 -0500 mdpeters 
> <michael.peters at ...10939...> wrote:
>
>> Are you suggesting that a remote Snort sensor can not send alerts to a
>> central Snort MySQL system?
>
> It can, but as it's not multithreaded, if the database slows down, snort 
> will start dropping (i.e. ignoring, rather than blocking) traffic.
>
>> It seems to me that all I need to do is resolve the startup malfunction.
>> It logs just fine when I manually fire
>> the remote sensor up.
>>
>> I have no experience with Barnyard. Would I run a MySQL database on the
>> sensor and use Barnyard to send alerts to the central system?
>
> No. Snort logs to a unified log file, barnyard picks up new entries and 
> sends them to the database server. The database server and barnyard can be 
> on the same host, or different hosts. Barnyard and Snort must be on the 
> same machine (unless you use NFS or something to share out the log 
> director... ewwww...)
>
> To return to your original problem, though, what user is attempting to 
> start snort at system boot? Do they have read access to all the snort 
> config files? What error messages are given? (they might be in 
> /var/log/messages or similar).
>
> Best Regards,
> Alex.
> -- 
> Alex Butcher: Security & Integrity, Personal Computer Systems Group
> Information Systems and Computing             GPG Key ID: F9B27DC9
> GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




