[Snort-users] Snort & Barnyard

James Hodge james at ...16645...
Mon Dec 23 10:20:04 EST 2013


Hi,

Thanks for your reply. Yes, at least I think so. I'm running snort like this:

/usr/sbin/snort -A fast -b -d -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l /usr/local/snort/var/log/eth1

Starting barnyard without daemon mode shows this only:

root at ...16640...:/var/www/aanval/apps# barnyard2 -c /etc/snort/barnyard.conf -d /usr/local/snort/var/log/eth1 -w /usr/local/snort/var/log/eth1/barnyard2.waldo -l /usr/local/snort/var/log/eth1 -a /usr/local/snort/var/log/eth1/archive -f snort.log -X /var/lock/barnyard2-eth1.pid
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard.conf"


+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+


Barnyard2 spooler: Event cache size set to [2048]
Log directory = /usr/local/snort/var/log/eth1
INFO database: Defaulting Reconnect/Transaction Error limit to 10
INFO database: Defaulting Reconnect sleep time to 5 second

[SignatureReferencePullDataStore()]: No Reference found in database ...
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = snort_user
database:  database name = snortdb
database:    sensor name = localhost:eth1
database:      sensor id = 2
database:     sensor cid = 1
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.13 (Build 327)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy at ...14568...>

Using waldo file '/usr/local/snort/var/log/eth1/barnyard2.waldo':
    spool directory = /usr/local/snort/var/log/eth1
    spool filebase  = snort.log
    time_stamp      = 1387663189
    record_idx      = 0
Opened spool file '/usr/local/snort/var/log/eth1/snort.log.1387663189'
Closing spool file '/usr/local/snort/var/log/eth1/snort.log.1387663189'.
Read 0 records
Opened spool file '/usr/local/snort/var/log/eth1/snort.log.1387811302'
Waiting for new data

If I then press Ctrl-C, it says it's seen 0 for every field.

If it helps, this is the dir in question:

root at ...16640...:/var/www/aanval/apps# ls -al /usr/local/snort/var/log/eth1/
total 98184
drwxr-xr-x 4 snort snort      4096 Dec 23 15:11 .
drwxr-xr-x 4 snort snort      4096 Dec 21 22:27 ..
-rw-r--r-- 1 snort snort 100383823 Dec 23 15:13 alert
drwxr-xr-x 2 snort snort      4096 Dec 23 15:11 archive
-rw------- 1 snort snort      2056 Dec 23 15:11 barnyard2.waldo
-rw------- 1 snort snort    128173 Dec 23 15:13 snort.log.1387811302



On 22 December 2013 23:29, Ayodele Okeowo <aymacro at ...11827...> wrote:

> When you ran snort did you use the '-A console' switch? Also did you test
> your barnyard without daemon?
> On Dec 22, 2013 6:04 PM, "James" <snort at ...16635...> wrote:
>
>> Hi all,
>>
>> I've followed this guide:
>> http://wiki.aanval.com/wiki/Community:Snort_2.9.2.3_Installation_Guide_for_Ubuntu_12.04,_with_Barnyard2,_Pulledpork,_and_Aanval
>> but using the most current Snort + Barnyard, and everything seems to have
>> installed and started up correctly, but I'm not seeing anything get logged
>> into the MySQL database. There were a few mistakes in the guide, which I've
>> managed to fix with a bit of Googling, but I can't seem to solve this. I
>> realise you're probably going to need more information to be able to help,
>> but don't know enough yet to guess what that might be. Can anyone help
>> please? The alternative is I wipe it all and start again in the hope I just
>> missed something stupid the first time, but hopefully someone could help me
>> avoid that?
>>
>> Thanks
>> James
>>
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>
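The directory listing above shows the `alert` file next to a single `snort.log.<timestamp>`, and snort was started with `-b`, which writes packets in tcpdump (pcap) format, whereas barnyard2 only consumes unified2 records; whether snort.conf also carries an `output unified2:` line is not shown in this thread. The following script is an added diagnostic, not code from the thread, from Snort or from barnyard2: it reads the first bytes of a spool file, reports whether it is pcap, unified2, empty or unknown, and for unified2 walks the records the way barnyard2's spooler does (stopping at a torn, partially written record rather than failing). The sample bytes at the bottom are constructed so that it runs offline; the type-7 event layout is Snort's legacy `Unified2IDSEvent_legacy` struct.

```python
"""Added diagnostic (not from the thread, nor Snort/barnyard2 code): classify a
spool file as pcap (what `snort -b` writes) or unified2 (what `output unified2:`
writes and barnyard2 reads), and walk the unified2 records it contains."""
import struct
import sys

# pcap global-header magic, both byte orders, microsecond and nanosecond variants.
PCAP_MAGICS = {0xA1B2C3D4, 0xD4C3B2A1, 0xA1B23C4D, 0x4D3CB2A1}

# Unified2 record types as defined in Snort's Unified2_common.h.
UNIFIED2_TYPES = {
    2: "PACKET", 7: "IDS_EVENT", 72: "IDS_EVENT_IPV6",
    104: "IDS_EVENT_VLAN", 105: "IDS_EVENT_IPV6_VLAN", 110: "EXTRA_DATA",
}


def classify_spool(data):
    """Return 'pcap', 'unified2', 'empty' or 'unknown' from the first bytes."""
    if len(data) < 8:
        return "empty"
    (first_word,) = struct.unpack(">I", data[:4])
    if first_word in PCAP_MAGICS:
        return "pcap"
    # A unified2 file starts directly with a record header: type, length (big-endian).
    return "unified2" if first_word in UNIFIED2_TYPES else "unknown"


def iter_unified2_records(data):
    """Yield (record_type, body) for each complete record; stop at a torn tail
    (a partially written record is what barnyard2 waits on in continuous mode)."""
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack(">II", data[off:off + 8])
        if rtype not in UNIFIED2_TYPES:
            raise ValueError("unknown unified2 record type %d at offset %d" % (rtype, off))
        if off + 8 + rlen > len(data):
            break
        yield rtype, data[off + 8:off + 8 + rlen]
        off += 8 + rlen


def decode_ids_event(body):
    """Decode the fixed head of a legacy IDS_EVENT (type 7) body:
    11 x uint32, 2 x uint16, 4 x uint8 (Unified2IDSEvent_legacy)."""
    f = struct.unpack(">11I2H4B", body[:52])
    ip = lambda n: ".".join(str(b) for b in n.to_bytes(4, "big"))
    return {
        "sensor_id": f[0], "event_id": f[1], "event_second": f[2],
        "sid": f[4], "gid": f[5], "rev": f[6], "priority": f[8],
        "src": ip(f[9]), "dst": ip(f[10]),
        "sport": f[11], "dport": f[12], "proto": f[13],
    }


def summarize(data):
    """Classify the spool and, for unified2, count complete records per type."""
    kind = classify_spool(data)
    counts = {}
    if kind == "unified2":
        for rtype, _ in iter_unified2_records(data):
            name = UNIFIED2_TYPES[rtype]
            counts[name] = counts.get(name, 0) + 1
    return kind, counts


# Constructed samples (not real captures) so the script runs offline.
def sample_pcap_header():
    # magic, major 2, minor 4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def sample_unified2(sid=1000001, gid=1, rev=1):
    # One legacy IDS_EVENT record: 10.0.0.1:12345 -> 10.0.0.2:80, TCP, priority 3
    body = struct.pack(">11I2H4B", 2, 1, 1387811302, 0, sid, gid, rev, 0, 3,
                       0x0A000001, 0x0A000002, 12345, 80, 6, 0, 0, 0)
    return struct.pack(">II", 7, len(body)) + body


if __name__ == "__main__":
    # Usage: python spoolcheck.py /usr/local/snort/var/log/eth1/snort.log.1387811302
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_unified2()
    kind, counts = summarize(blob)
    print("format:", kind, "records:", counts or "-")
    if kind == "unified2":
        for rtype, body in iter_unified2_records(blob):
            if rtype == 7:
                print(decode_ids_event(body))
```

Run it against the spool file barnyard2 opened; a result of `pcap` means the file is the `-b` packet log and barnyard2 will keep reading 0 records from it no matter how the waldo is set, while `unified2` with zero counts means snort simply has not finished writing a record yet.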

