[Snort-users] Where's Waldo?

Tue Oct 9 15:08:11 EDT 2012

Here are my responses:

> Step 1: Get snort working
It's working.
> Step 2: Setup a database for barnyard2 to write to
It's working.
> Step 3: Setup barnyard2 and verify that it's reading snort logs
It's working.
> Step 4: Verify that barnyard2 is writing to the database
It's working.
> Step 5: Verify that base can login to the db and read the alerts
It's working, but when I clear the data tables in the BASE browser GUI, no
new data is being recorded. I noticed that if I restart the services, or
restart apache2, it will start displaying again... kind of odd that I would
have to restart anything. Wondering if BASE is really the right solution
at this point, or maybe there is a switch to flick in it; I don't see
it though, maybe in the base_config*'s. Nothing yet, but I will keep
looking. Not much documentation for BASE; if you know of any, other than
the READMEs, let me know.
> So - what are you logging with snort?
Currently logging pings and anything that snort.rules finds.
>   Are the logs there?
Yep, see below.
>   What format are 
> they in?  Does barnyard read that format?
Unified2 format: snort.log.xxxxxx. Not at first, but they are now.
> All these pieces are independent of each other.  
Yes they are, agreed.
> Snort will happily log 
> alerts all day long even if barnyard2 isn't installed.  
Yes it will, agreed.
> Barnyard2 will 
> happily sit and wait forever to read a snort log that never shows up.
Yes it will, agreed.
> Break the problem down into components.
I have been, starting with snort, then ufw, then pulledpork, then
barnyard2, then base, then snortreport, then jpgraph, in that order.
>   Then verify each one before moving 
Yep, that's how I do it.
> to the next one.  Is snort working? Yes
Yes, but not as easily as the howtos say it will for deb 12.04.
> , no.  If yes, move on.  If no, 
> troubleshoot.
Yep, that's what I did/do.
>  Rinse, lather, repeat.
Out of soap, got an extra bar?

Thanks. l8
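The Step 3 question in the thread ("What format are they in? Does barnyard read that format?") can be settled without barnyard2 at all by reading the unified2 framing of a snort.log.* file directly: every record is a 4-byte type and a 4-byte length, both big-endian, followed by the body. The script below is an added example, not code from the thread or from the Snort or barnyard2 projects. It assumes the legacy 52-byte IPv4 event body (record type 7) and the 28-byte packet prefix (record type 2) from Snort's unified2 header; the log file path, rule ids, timestamps and addresses it builds are constructed sample data. A partially written trailing record, which a file still open by Snort can have, is reported as truncated rather than treated as corruption.

```python
"""Sanity-check a unified2 file independently of barnyard2 (added example).

Framing: each record = struct { uint32 type; uint32 length; } (network order)
followed by `length` body bytes. Only the two record types a plain
alert + packet setup produces are decoded; anything else is counted as
'unknown' so a reader can see it is there without this script having to
know its layout (IPv6 events, extra-data records, and so on).
"""
import socket
import struct
import sys

UNIFIED2_PACKET = 2          # Serial_Unified2Packet
UNIFIED2_IDS_EVENT = 7       # Unified2IDSEvent_legacy (IPv4, 52 bytes)
UNIFIED2_IDS_EVENT_VLAN = 104  # same 52-byte prefix, then mpls/vlan fields

REC_HDR = struct.Struct("!II")          # type, length
IDS_EVENT = struct.Struct("!11I2H4B")   # 52-byte legacy IPv4 event body
PKT_HDR = struct.Struct("!7I")          # 28-byte packet prefix, then packet bytes


def decode_record(rtype, body):
    """Decode one record body into a dict; unknown types are labelled, not dropped."""
    if rtype in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_VLAN) and len(body) >= IDS_EVENT.size:
        f = IDS_EVENT.unpack_from(body, 0)
        # f: sensor_id, event_id, event_second, event_usec, sid, gid, rev,
        #    class_id, priority, ip_src, ip_dst, sport/itype, dport/icode,
        #    protocol, impact_flag, impact, blocked
        return {
            "type": "event", "event_id": f[1], "event_second": f[2],
            "gid": f[5], "sid": f[4], "rev": f[6],
            "src": socket.inet_ntoa(struct.pack("!I", f[9])),
            "dst": socket.inet_ntoa(struct.pack("!I", f[10])),
            "sport": f[11], "dport": f[12], "proto": f[13],
        }
    if rtype == UNIFIED2_PACKET and len(body) >= PKT_HDR.size:
        f = PKT_HDR.unpack_from(body, 0)
        # f: sensor_id, event_id, event_second, packet_second, packet_usec,
        #    linktype, packet_length
        return {"type": "packet", "event_id": f[1], "linktype": f[5],
                "packet_length": f[6], "captured": len(body) - PKT_HDR.size}
    return {"type": "unknown", "raw_type": rtype, "length": len(body)}


def parse_unified2(data):
    """Return (records, truncated_bytes): all complete records, plus the size
    of an incomplete record left at the end of the file (0 if the file is whole)."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < REC_HDR.size:
            return records, len(data) - off
        rtype, rlen = REC_HDR.unpack_from(data, off)
        body = data[off + REC_HDR.size: off + REC_HDR.size + rlen]
        if len(body) < rlen:
            return records, len(data) - off
        records.append(decode_record(rtype, body))
        off += REC_HDR.size + rlen
    return records, 0


def summarize(data):
    """Counts a reader can compare against what barnyard2 reports it processed."""
    records, truncated = parse_unified2(data)
    counts = {"events": 0, "packets": 0, "unknown": 0}
    for r in records:
        counts[{"event": "events", "packet": "packets"}.get(r["type"], "unknown")] += 1
    counts["truncated_bytes"] = truncated
    return counts


def build_sample_log():
    """Constructed sample: one ICMP echo event, its packet record, then a
    deliberately truncated event as Snort mid-write would leave it.
    sid 384 / gid 1 and the addresses are assumed values, not captured data."""
    event = IDS_EVENT.pack(
        0, 1, 1349809691, 0,          # sensor_id, event_id, event_second, usec
        384, 1, 5, 29, 3,             # sid, gid, rev, classification, priority
        int.from_bytes(socket.inet_aton("192.168.1.10"), "big"),
        int.from_bytes(socket.inet_aton("192.168.1.1"), "big"),
        8, 0,                         # ICMP type 8 (echo request), code 0
        1, 0, 0, 0)                   # protocol ICMP(1), impact_flag, impact, blocked
    # Stub Ethernet(14) + IPv4(20) + ICMP(8) bytes; only the lengths matter here.
    payload = b"\x00" * 14 + b"\x45" + b"\x00" * 19 + b"\x08\x00" + b"\x00" * 6
    packet = PKT_HDR.pack(0, 1, 1349809691, 1349809691, 0, 1, len(payload)) + payload
    truncated = REC_HDR.pack(UNIFIED2_IDS_EVENT, IDS_EVENT.size) + b"\x00" * 20
    return (REC_HDR.pack(UNIFIED2_IDS_EVENT, len(event)) + event
            + REC_HDR.pack(UNIFIED2_PACKET, len(packet)) + packet
            + truncated)


if __name__ == "__main__":
    # Usage: python3 check_unified2.py /var/log/snort/snort.log.1349809691
    # (path is an assumption; with no argument the constructed sample is used)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_log()
    print(summarize(data))
    for rec in parse_unified2(data)[0][:10]:
        print(rec)
```

If the summary shows zero events for a file Snort claims to be writing, the problem is on the Snort side (wrong output plugin or path); if events are present but barnyard2's database stays empty, the problem is in barnyard2's waldo/bookmark or database config, which narrows the component to troubleshoot in the same spirit as the checklist above.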

