[Snort-users] barnyard help
Maxwell, Jamison [HDS]
JMaxwell at ...16424...
Mon Jul 1 08:41:28 EDT 2013
I'm also having the same problem with the latest version of snort and barnyard. I turned on mysql logging and I was able to see a great deal of activity, however barnyard would only insert into the reference table, but not any of the others. Based on my observation of my current production system, I'm doing an upgrade, this is normal behavior if barnyard has a big log to work through, but at the end of processing it will insert into the other tables creating the alert we see in whatever front-end we choose (Snorby all the way!). However, there is no activity on any other table. This was true with both continuous processing and with batch processing.
Sr. Systems Administrator
HD Supply - Facilities Maintenance
From: Doug Metz [mailto:dwmetz at ...11827...]
Sent: Thursday, June 20, 2013 4:47 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] barnyard help
I've recently gotten a few of our snort sensors upgraded (re-installed) to v 2.9.4.
Snort itself tests fine
./snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf
Barnyard tests fine
barnyard2 -c /etc/barnyard2.conf -d /var/log/snort -f merged.log -T
I see the file sizes for alert and snort.x logs incrementing.
Problem is that I don't see any events passing to the snort database.
Your assistance in troubleshooting is greatly appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users