[Snort-users] Remote sensor startup issue.
michael.peters at ...10939...
Wed Feb 16 04:38:09 EST 2005
Thanks for the explanation. I did resolve the startup issue. Chalk it up to
Fedora Core weirdness. I've built dozens of Snort boxes and this would be
the very first startup script issue I have had.
----- Original Message -----
From: "Alex Butcher, ISC/ISYS" <Alex.Butcher at ...11254...>
To: "mdpeters" <michael.peters at ...10939...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Wednesday, February 16, 2005 5:15 AM
Subject: Re: [Snort-users] Remote sensor startup issue.
> --On 15 February 2005 08:12 -0500 mdpeters
> <michael.peters at ...10939...> wrote:
>> Are you suggesting that a remote Snort sensor can not send alerts to a
>> central Snort MySQL system?
> It can, but as it's not multithreaded, if the database slows down, snort
> will start dropping (i.e. ignoring, rather than blocking) traffic.
>> It seems to me that all I need to do is resolve the startup malfunction.
>> It logs just fine when I manually fire
>> the remote sensor up.
>> I have no experience with Barnyard. Would I run a MySQL database on the
>> sensor and use Barnyard to send alerts to the central system?
> No. Snort logs to a unified log file, barnyard picks up new entries and
> sends them to the database server. The database server and barnyard can be
> on the same host, or different hosts. Barnyard and Snort must be on the
> same machine (unless you use NFS or something to share out the log
> director... ewwww...)
> To return to your original problem, though, what user is attempting to
> start snort at system boot? Do they have read access to all the snort
> config files? What error messages are given? (they might be in
> /var/log/messages or similar).
> Best Regards,
> Alex Butcher: Security & Integrity, Personal Computer Systems Group
> Information Systems and Computing GPG Key ID: F9B27DC9
> GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users