[Snort-users] MySQL support for Snort 2.9.4

Jeremy Hoel jthoel at ...11827...
Tue Dec 11 22:37:41 EST 2012


Yeah you!  Are you outputting snort in unified2 format and reading that
with barnyard2?

Share your snort.conf output lines.

On Dec 11, 2012 8:29 PM, "Kaya Saman" <kayasaman at ...11827...> wrote:

>  On 12/11/2012 09:54 PM, Joel Esler wrote:
>
>
>  Doesn't sound like that was the problem.  Looks like you have a larger
> problem.  Traffic not being received or analyzed correctly.  You said that
> all you were getting was icmp alerts, and that doesn't sound right (unless
> that's all you have)
>
>  --
> *Joel Esler*
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>
>
> Finally I got this working!!!! :-)
>
> Basically all I needed to do was to add the paths for these in and take
> out all the other obsolete rules which weren't working:
>
> include $RULE_PATH/decoder.rules
> include $RULE_PATH/preprocessor.rules
> include $RULE_PATH/sensitive-data.rules
>
> Now I get alerts even!
>
> The only issue is that Barnyard2 is now segfaulting when reading the Snort
> log files? :-( I keep getting "bus error" - which I've been having too much
> of lately!
>
>
> Thanks for all the help!
>
>
> Regards,
>
>
> Kaya
>
>