[Snort-users] I have a problem snort. Barnyard2 doesn't write log file to mysql. PLS HELP ME!!!

serikjan nurgaiv shikilik at ...11827...
Thu Sep 5 00:22:32 EDT 2013


When I start my services (snort, mysql, http, barnyard2), they start fine. Alerts
are written to my log file (var/log/snort). But my database (mysql) is empty.
*I can see the alerts*


*[root at ...274... Desktop]# vi /usr/local/snort/etc/snort.conf *

var RULE_PATH /usr/local/snort/rules
var SO_RULE_PATH /usr/local/snort/so_rules
var PREPROC_RULE_PATH /usr/local/snort/preproc_rules

# If you are using reputation preprocessor set these
# Currently there is a bug with relative paths, they are relative to where snort is
# not relative to snort.conf like the above variables
# This is completely inconsistent with how other vars work, BUG 89986
# Set the absolute path appropriately
var WHITE_LIST_PATH /usr/local/snort/rules
var BLACK_LIST_PATH /usr/local/snort/rules
var CONF_PATH /usr/local/etc/snort
var LIB_PATH /usr/local/lib
var SORULE_PATH $CONF_PATH/so_rules

*[root at ...274... Desktop]# vi /etc/snort/barnyard.conf*

output unified2: filename snort.u2, limit 128

config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
config hostname: localhost
config interface: eth0
output database: log, mysql, user=snort password=snort dbname=snort host=localhost

*But my database is empty*
mysql> use snort;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select * from event;
Empty set (0.00 sec)

mysql>


*And I configured the BASE system. Also can't connect to mysql.*