[Snort-users] Problems with Snort, Barnyard2, BASE on SUSE 11

Joel Esler jesler at ...1935...
Wed Apr 28 15:35:21 EDT 2010

Do you have any information in the database?  Can you check that?


On Wed, Apr 28, 2010 at 3:04 PM, Michael Sloan <sloan at ...14851...> wrote:

> I've tried to set up Snort on SUSE Linux Enterprise Server 11, and have
> run into troubles. I think it might have been working at one point, but
> now I think it's stopped but I'm not sure, and not entirely sure I even
> compiled and configured everything correctly.
> I'm using Snort, BASE 1.4.5, Barnyard2 1.8, and MySQL 5.0.67
> Barnyard2: compiled with --enable-mysql
> Snort: compiled with --enable-targetbased (I could not get --with-mysql
> to work, and didn't actually peruse the mailing lists until long after I
> got everything installed and possibly configured)
> In snort.conf:
>   output unified2: filename snort.log, limit 128
> In barnyard2.conf:
>   output database: alert, mysql, user=snort password=TopSecretPassword dbname=snort host=localhost
> mysql reports that the user snort at ...274... has
>   SELECT, INSERT, UPDATE on snort.sensor
> Snort is started with:
>   /usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -d -D -u snort
> And barnyard2 is started with:
>   /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -D -d /var/log/snort -f snort.log -u snort
> After a couple of weeks, I see that snort.log is 133k, but no alerts
> whatsoever have been displayed in BASE. BASE is showing the proper
> database name, and user.
> I see in /var/log/messages (after restarting snort and barnyard2 today)
> that barnyard2 read 706 records from the 133k file. I do not see any
> errors in the mysqld logs.
> I've looked at installation guides for SUSE 10, Fedora Core 11, and read
> enough from different sources that now I really have no idea what could
> be wrong and after spending quite a few hours on this over the course of
> the last few weeks, I've run out of ideas on what to tweak and change.
> Any suggestions (or requests for further information needed) would be
> greatly appreciated.
> --
> Michael Sloan
> Systems Administrator
> FSU Center for Advanced Power Systems
> sloan at ...14851...