[Snort-users] FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..."

Jun Wan junwei_wan at ...125...
Fri Aug 27 00:36:16 EDT 2010


Hi All,

Now Snort Report 1.3.1 is working beautifully after I executed David's instructions; please see the following:

jwan at ...14971...:~$ sudo /usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth0

jwan at ...14971...:~$ sudo /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo

Many thanks for David's help again.

Regards
 
John





From: dgullett at ...13519...
To: snort-users at lists.sourceforge.net
Date: Thu, 26 Aug 2010 20:52:47 -0500
Subject: Re: [Snort-users] FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..."


The '.' and ':' are functionally the same in the chown command... At least with the syntax in the guide.

John and I worked together and got his installation working. It was an issue with Barnyard2 not importing into MySQL.

Regards,









David Gullett | Symmetrix Technologies
dgullett at ...13519...





-----Original Message-----
From: Billy Marshall <Billy.Marshall at ...9988...>
To: Jun Wan <junwei_wan at ...125...>, snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..."
Date: Thu, 26 Aug 2010 07:51:23 -0600

As far as the chown command, yes, it is a typo. However, file location is a matter of preference, and wherever the config files live you need to match them with how snort/barnyard is invoked. This could be a startup script or within the .conf files themselves.

On the note that they fail to report, try:

    mysql -usnort -p<your mysql password> -D snort -e "select count(*) from event"

Run this a few times; if the database grows then either barnyard or snort is logging. Verify which by either commenting out

    output unified2: filename <your file name>, limit 128

from snort.conf for barnyard logging, or

    output database: log, mysql, user=snort password=<your password> dbname=snort host=localhost

from snort.conf for snort logging.

Last, you may look in your log files where the alerts are kept to see if they have proper ownership. I have noticed if I run snort as a different user it creates an alert.xxx file with different ownership, and when I start it with snort it gets hosed because of permissions. E.g. make sure all log files for snort alerts are:

    chown snort:snort <path to log files>
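
The two checks from this thread (log file ownership, and whether the event table grows), as an added example that is not part of any of the messages above. The function names, the `check` argument and the option-file path in `MYSQL_CNF` are assumptions; the option file replaces `-p<password>` so the password does not appear in the process list.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults follow the paths and the
# snort:snort ownership mentioned in the messages above.
LOG_DIR=${LOG_DIR:-/var/log/snort}
# Assumption: a 0600 option file with a [client] section holding user and
# password for the snort database, so no password sits on the command line.
MYSQL_CNF=${MYSQL_CNF:-/root/.snort-my.cnf}

# Print every regular file under $1 not owned by user $2 and group $3.
misowned_logs() {
    find "$1" -type f \( ! -user "$2" -o ! -group "$3" \) -print
}

# Print the current number of rows in the snort database's event table.
event_count() {
    mysql --defaults-extra-file="$MYSQL_CNF" -N -B -D snort \
        -e 'select count(*) from event'
}

# Succeed only when the second sample is larger than the first.
count_grew() {
    [ "$2" -gt "$1" ]
}

main() {
    bad=$(misowned_logs "$LOG_DIR" snort snort)
    if [ -n "$bad" ]; then
        echo "not owned by snort:snort (fix with chown snort:snort):"
        echo "$bad"
    fi
    before=$(event_count) || return 1
    sleep "${INTERVAL:-30}"
    after=$(event_count) || return 1
    if count_grew "$before" "$after"; then
        echo "event table grew from $before to $after: alerts are reaching MySQL"
    else
        echo "event table unchanged at $after: nothing was imported in this interval"
    fi
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "check" ]; then
    main
fi
```

An unchanged count only means nothing was imported during the interval, so generate some test traffic that trips a rule before concluding the pipeline is broken.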