[Snort-users] Where's Waldo?

Paul Schmehl pschmehl_lists at ...14358...
Tue Oct 9 11:57:12 EDT 2012

--On October 9, 2012 8:36:25 AM -0700 AllowOverride 
<allowoverride at ...11827...> wrote:

> can someone help me:
> why is snort barnyard2 not logging to base-1.4.5 mysql db.?

Step 1: Get snort working
Step 2: Set up a database for barnyard2 to write to
Step 3: Set up barnyard2 and verify that it's reading snort logs
Step 4: Verify that barnyard2 is writing to the database
Step 5: Verify that base can log in to the db and read the alerts

So - what are you logging with snort?  Are the logs there?  What format are 
they in?  Does barnyard read that format?

All these pieces are independent of each other.  Snort will happily log 
alerts all day long even if barnyard2 isn't installed.  Barnyard2 will 
happily sit and wait forever to read a snort log that never shows up.

Break the problem down into components.  Then verify each one before moving 
to the next one.  Is snort working? Yes, no.  If yes, move on.  If no, 
troubleshoot. Rinse, lather, repeat.

Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell
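
An added example, not part of the post above: one way to answer "What format are they in? Does barnyard read that format?" is to walk the Snort log as unified2 records, the binary format barnyard2 consumes (an 8-byte big-endian type/length header before each record). The type codes are the ones in Snort 2.9's Unified2_common.h; the sample bytes and the function names are constructed for illustration.

```python
import struct
import sys
from collections import Counter

# Record type codes as defined in Snort 2.9's Unified2_common.h.
U2_TYPES = {2: "packet", 7: "ids_event", 72: "ids_event_ipv6",
            104: "ids_event_vlan", 105: "ids_event_ipv6_vlan",
            110: "extra_data"}
EVENT_NAMES = {"ids_event", "ids_event_ipv6",
               "ids_event_vlan", "ids_event_ipv6_vlan"}


def scan_unified2(data: bytes):
    """Walk unified2 records and return (status, Counter of record types)."""
    counts = Counter()
    off = 0
    while off < len(data):
        if len(data) - off < 8:
            return "truncated", counts          # partial header at end of file
        rtype, rlen = struct.unpack_from(">II", data, off)
        if rtype not in U2_TYPES and not counts:
            return "not-unified2", counts       # e.g. a text alert file
        if off + 8 + rlen > len(data):
            return "truncated", counts          # snort may still be writing
        counts[U2_TYPES.get(rtype, "other")] += 1
        off += 8 + rlen
    if not counts:
        return "empty", counts                  # snort has logged nothing yet
    if not EVENT_NAMES & set(counts):
        return "no-events", counts              # records, but no alerts
    return "ok", counts


def _rec(rtype: int, payload: bytes) -> bytes:
    """Build one record: type and payload length, network byte order."""
    return struct.pack(">II", rtype, len(payload)) + payload


# Constructed sample: one event record and one packet record, zero-filled.
SAMPLE = _rec(7, bytes(52)) + _rec(2, bytes(64))

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE
    status, counts = scan_unified2(blob)
    print(status, dict(counts))
```

A status of "not-unified2" or "empty" points the troubleshooting back at the Snort output configuration (Step 1); "ok" means the log is usable and the next thing to verify is barnyard2 itself.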

