[Snort-users] MySQL support for Snort 2.9.4

Kaya Saman kayasaman at ...11827...
Tue Dec 11 22:26:08 EST 2012


On 12/11/2012 09:54 PM, Joel Esler wrote:
>
> Doesn't sound like that was the problem.  Looks like you have a larger 
> problem.  Traffic not being received or analyzed correctly.  You said 
> that all you were getting was icmp alerts, and that doesn't sound 
> right (unless that's all you have)
>
> --
> *Joel Esler*
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>

Finally I got this working!!!! :-)

Basically all I needed to do was to add the paths for these in and take 
out all the other obsolete rules which weren't working:

include $RULE_PATH/decoder.rules
include $RULE_PATH/preprocessor.rules
include $RULE_PATH/sensitive-data.rules

Now I get alerts even!

The only issue is that Barnyard2 is now segfaulting when reading the 
Snort log files? :-( I keep getting "bus error" - which I've been having 
too much of lately!


Thanks for all the help!


Regards,


Kaya