[Snort-users] Install Snort on Ubuntu with mysql and SnortReports

Atkins, Dwane P ATKINSD at ...9240...
Wed Nov 10 13:14:21 EST 2010


If I do a ps -A | grep barnyard, I do not see any processes.  Should it be running?

Dwane

-----Original Message-----
From: Castle, Shane [mailto:scastle at ...14946...] 
Sent: Wednesday, November 10, 2010 10:11 AM
To: Atkins, Dwane P; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Install Snort on Ubuntu with mysql and SnortReports

Hard to say. We'd have to look at your (snort|barnyard).conf files.
Also, all the junk you are putting on the command line for the barnyard
options can be put into a config file. Look at this from one of my
barnyard2 config files (some info deleted):

config logdir: /var/snort/barnyard-eth2
config waldo_file: /var/snort/barnyard-eth2/waldo
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
config sid_file:            /etc/snort/rules/emerging-sid-msg.map
config sid_file:            /etc/snort/local-sid-msg.map
config alert_with_interface_name
config alert_on_each_packet_in_stream
config daemon
config set_gid: IDS
config set_uid: snort
config decode_data_link
config dump_payload_verbose
config show_year
config umask: 002
config process_new_records_only
input unified2
output database: alert, mysql, dbname=XXXXXX user=XXXXXXXX host=localhost password=XXXXXXXX

-- 
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH
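Shane's point above (barnyard2's command-line options belong in barnyard2.conf) is easier to act on with a quick pre-flight check of that file. The script below is an added example, not part of the thread and not barnyard2's own code: it parses a config in the `config key: value` / `input` / `output` format quoted above, treats `sid_file` as repeatable (as the quoted config does), flags duplicate keys, a missing `input unified2` or `waldo_file`, daemon mode without `set_uid`, and a database password sitting in the file, and can redact that password before the config is pasted into a list post. The embedded sample config is constructed from the one quoted above with placeholder credentials; `parse_config`, `check_config`, `missing_files` and `redact` are names chosen here, and the list of keys checked is this example's choice, not a statement of barnyard2's full grammar.

```python
"""Pre-flight checks for a barnyard2-style config file.

Added example (not barnyard2's code).  Parses the 'config key: value',
'config flag', 'input ...' and 'output plugin: args' lines shown in the
thread and reports problems a defender would want to catch before
starting the daemon."""
import re
from pathlib import Path

# Constructed sample, modelled on the config quoted in the thread
# (placeholder credentials, some lines omitted).
SAMPLE_CONFIG = """\
config logdir: /var/snort/barnyard-eth2
config waldo_file: /var/snort/barnyard-eth2/waldo
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
config sid_file:            /etc/snort/rules/emerging-sid-msg.map
config daemon
config set_gid: IDS
config set_uid: snort
config umask: 002
config process_new_records_only
input unified2
output database: alert, mysql, dbname=XXXXXX user=XXXXXXXX host=localhost password=XXXXXXXX
"""

# Keys that legitimately appear more than once (the quoted config lists
# several sid_file lines).  Any other repeated key is reported.
REPEATABLE = {"sid_file"}
# Keys whose values name files that must exist on disk.
FILE_KEYS = ("reference_file", "classification_file", "gen_file", "sid_file")


def parse_config(text):
    """Return (settings, flags, inputs, outputs, problems) for a config text."""
    settings, flags, inputs, outputs, problems = {}, set(), [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments / blank lines
        if not line:
            continue
        kind, _, rest = line.partition(" ")
        if kind == "config":
            key, sep, value = rest.partition(":")
            key, value = key.strip(), value.strip()
            if not sep:                              # 'config daemon' style flag
                flags.add(key)
            elif key in REPEATABLE:
                settings.setdefault(key, []).append(value)
            elif key in settings:
                problems.append(f"line {lineno}: duplicate '{key}' overrides earlier value")
                settings[key] = value
            else:
                settings[key] = value
        elif kind == "input":
            inputs.append(rest.strip())
        elif kind == "output":
            plugin, _, args = rest.partition(":")
            outputs.append((plugin.strip(), args.strip()))
        else:
            problems.append(f"line {lineno}: unrecognised directive {line!r}")
    return settings, flags, inputs, outputs, problems


def check_config(settings, flags, inputs, outputs):
    """Return a list of findings; an empty list means nothing obvious is wrong."""
    findings = []
    if "unified2" not in inputs:
        findings.append("no 'input unified2': barnyard2 has nothing to read")
    if "waldo_file" not in settings:
        findings.append("no waldo_file: a restart re-processes the whole spool")
    if not outputs:
        findings.append("no output plugin: events are read but go nowhere")
    for plugin, args in outputs:
        if plugin == "database" and "password=" in args:
            findings.append("database password is stored in the config file; "
                            "restrict its permissions to the set_uid user")
    if "daemon" in flags and "set_uid" not in settings:
        findings.append("daemon mode without set_uid: barnyard2 keeps running as root")
    return findings


def missing_files(settings, exists=lambda p: Path(p).exists()):
    """Paths named by FILE_KEYS that do not exist (exists() is injectable for tests)."""
    missing = []
    for key in FILE_KEYS:
        values = settings.get(key, [])
        if isinstance(values, str):
            values = [values]
        missing.extend(v for v in values if not exists(v))
    return missing


def redact(text):
    """Mask 'password=...' so a config can be pasted into a list post safely."""
    return re.sub(r"(password=)\S+", r"\1<redacted>", text)


if __name__ == "__main__":
    settings, flags, inputs, outputs, problems = parse_config(SAMPLE_CONFIG)
    for item in problems + check_config(settings, flags, inputs, outputs):
        print("finding:", item)
    for path in missing_files(settings):
        print("missing file:", path)
    print(redact(SAMPLE_CONFIG))
```

Run it against a real barnyard2.conf by replacing `SAMPLE_CONFIG` with the file's contents; on the thread's setup, the first thing it would report is the database password in the file, which is the reason the config should be readable only by the user barnyard2 drops to.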

-----Original Message-----
From: Atkins, Dwane P [mailto:ATKINSD at ...9240...] 
Sent: Wednesday, November 10, 2010 08:45
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Install Snort on Ubuntu with mysql and
SnortReports

I am still working at this.

I am not sure I am reporting to the mysql database at this point.

Is this proper:

snorttest at ...15047...:~$ ps -aux | grep snort
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
snort     1681  0.0  4.0 188532 126048 ?       Ss   Nov09   0:02 /usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth0
root      1683  0.0  0.0   5324  1244 ?        Ss   Nov09   0:02 /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -D
root      2236  0.0  0.1   8936  3124 ?        Ss   09:28   0:00 sshd: snorttest [priv]
1000      2308  0.0  0.0   8936  1520 ?        S    09:28   0:00 sshd: snorttest at ...13997.../0
1000      2362  0.0  0.0   4012   756 pts/0    S+   09:43   0:00 grep --color=auto snort


I just need to see some packets in the mysql dump.  Any help would be
appreciated at this point.

Thank you all for your help yesterday.


Dwane