[Snort-users] Snort / Barnyard2 Issues - 2

AllowOverride allowoverride at ...11827...
Fri Oct 5 16:45:02 EDT 2012


here are all my configs for the 6 programs in question minus base-1.4.5
configs, not there yet.

please take a look and let me know where i have made mistakes. thanks in
advance.

i am also interested: 

/usr/local/bin/snort -A fast -q -u snort -g snort \
-c /etc/snort/etc/snort.conf -i eth0

or 

/usr/local/bin/snort -A console -q -u snort -g snort \
-c /etc/snort/etc/snort.conf -i eth0

I am seeing pings from defined test rule for local.rules working only,
and not the snort.rules. snort.rules was updated by pp.pl successfully,
however, the only way snort outputs anything in logs or on console per
those cmds above works ONLY when i cat snort.rules >> local.rules, or
simply by local.rules itself. I notice in the Howtos, they stated to #
$RULES all of them except local.rules in snort.conf. i assume for
testing, but the new snort way says only one large rules file ie.
snort.rules. 

i am trying to log info first to mysql, and from there other progs like
base and snortreports and jpgraph will display from mysql data.

right now, snort works - sorta, in that it is creating a unified2 output
file in /var/log/snort.log.xxxx but is not able to be input to the db
via barnyard2. i am just using a simple fast logger to mysql process,
that's it, at the moment.

i have included all my .confs in CONFS.tar.gz attached. PLEASE take a
gander, say whatever you wish, i really appreciate the help and input.

sorry for sloppy format of all my emails, i'm trying to make it simple,
sometimes that's hard.

i will be back in a few hours, i need a break..
to see any findings... 

please ask for any input i can give you, where things are, so forth so
on, i will answer as quickly as possible.

thank you!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: CONFS.tar.gz
Type: application/x-compressed-tar
Size: 36509 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121005/5996bc4f/attachment.bin>

