[Snort-users] Problems with snort, Barnyard2 and mysql database

Dmitry Korzhevin dmitry.korzhevin at ...15907...
Mon Oct 29 10:37:55 EDT 2012


Hello,

I use Debian 6.0.6 and installed snort, barnyard2, and other stuff using the
guide: Snort 2.9.3.1 on Debian 6.0.5 by Jason Weir from
http://www.snort.org/docs

When I make a test run of snort with the command:

/usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0

I get normal output:

10/29-15:27:53.814919  [**] [1:10000001:0] ICMP test [**] [Priority: 0] {IPV6-ICMP} fe80::21c:42ff:fe6b:a311 -> fe80::ffff:1:1
10/29-15:27:54.810969  [**] [1:10000001:0] ICMP test [**] [Priority: 0] {IPV6-ICMP} fe80::21c:42ff:fe6b:a311 -> fe80::ffff:1:1
10/29-15:27:55.810942  [**] [1:10000001:0] ICMP test [**] [Priority: 0] {IPV6-ICMP} fe80::21c:42ff:fe6b:a311 -> fe80::ffff:1:1
10/29-15:28:02.370578  [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 89.252.56.204 -> 91.250.80.33
10/29-15:28:02.370690  [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 91.250.80.33 -> 89.252.56.204
10/29-15:28:03.373918  [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 89.252.56.204 -> 91.250.80.33
10/29-15:28:03.374001  [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 91.250.80.33 -> 89.252.56.204
10/29-15:28:04.373154  [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 89.252.56.204 -> 91.250.80.33
10/29-15:28:04.373243  [**] [1:10000001:0] ICMP test [**] [Priority: 0] {ICMP} 91.250.80.33 -> 89.252.56.204

When I run:

/usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 &

to start snort, and then start barnyard2:

/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -C /etc/snort/classification.config &

I get output:

http://dpaste.com/820057/

Please help



Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhevin at ...15907...
m: +38 093 874 5453
w: http://www.stidia.com
