[Snort-users] AANVAL or MYSQL question

Y M snort at ...15979...
Thu Apr 17 12:04:22 EDT 2014


Ok. Can you reply to my second question? 
 
>What is the db connection string in your barnyard2.conf? (remove private data).
 
YM
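The check the thread keeps circling back to is whether barnyard2 has ever written into the database Aanval reads. The queries below are an added example, not from any participant in this thread; they assume the standard Snort schema visible in the `show tables` output further down (sensor, event, signature) and that barnyard2.conf carries an `output database: log, mysql, ... dbname=...` line naming the same database as Aanval's Snort module settings.

```sql
-- Added example (not from the thread): run in the mysql client against the
-- database named in the "output database: log, mysql, ... dbname=..." line of
-- barnyard2.conf. Assumes the standard Snort schema (sensor, event tables).

-- 1. Exact spelling and case of the database name: compare this list with
--    both barnyard2.conf and Aanval's Snort module settings. On Linux the
--    database name is a directory on disk and therefore case-sensitive.
SHOW DATABASES;

USE snortdb;

-- 2. Has barnyard2 ever connected? Its database output plugin looks up or
--    inserts its sensor row (hostname/interface/filter/detail/encoding) when
--    it starts (assumption about the plugin; verify against your version),
--    so an empty sensor table points at credentials, host or dbname in
--    barnyard2.conf rather than at Snort.
SELECT sid, hostname, interface, filter, detail, encoding, last_cid
FROM sensor;

-- 3. Are events arriving at all, and how recently, per sensor?
SELECT sid,
       COUNT(*)       AS events,
       MIN(timestamp) AS first_event,
       MAX(timestamp) AS last_event
FROM event
GROUP BY sid;

-- 4. last_cid is barnyard2's per-sensor event counter. A registered sensor
--    with last_cid = 0 and no event rows has reached the database but never
--    logged an alert, so the problem is on the unified2 input side (spool
--    directory, file base name, waldo file), not in the database.
SELECT s.sid, s.hostname, s.last_cid, MAX(e.cid) AS max_stored_cid
FROM sensor s
LEFT JOIN event e ON e.sid = s.sid
GROUP BY s.sid, s.hostname, s.last_cid;
```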
From: SGierczak at ...16714...
To: snort at ...15979...
CC: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] AANVAL or MYSQL question
Date: Thu, 17 Apr 2014 12:35:45 +0000

Yes.  And it seems empty.
 
mysql> \u snortdb
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
 
Database changed
mysql> show tables;
+-------------------+
| Tables_in_snortdb |
+-------------------+
| data              |
| detail            |
| encoding          |
| event             |
| icmphdr           |
| iphdr             |
| opt               |
| reference         |
| reference_system  |
| schema            |
| sensor            |
| sig_class         |
| sig_reference     |
| signature         |
| tcphdr            |
| udphdr            |
+-------------------+
16 rows in set (0.00 sec)
 
mysql> select * from data limit 5;
Empty set (0.00 sec)
 
mysql> select * from event limit 5;
Empty set (0.00 sec)
 
mysql> select * from detail limit 5;
+-------------+-------------+
| detail_type | detail_text |
+-------------+-------------+
|           0 | fast        |
|           1 | full        |
+-------------+-------------+
2 rows in set (0.00 sec)
 


From: Y M [mailto:snort at ...15979...]
Sent: Thursday, April 17, 2014 7:33 AM
To: Gierczak, Stan
Cc: snort-users
Subject: RE: [Snort-users] AANVAL or MYSQL question

From your database setup, Aanval has its own database. This means that the Aanval app uses this particular database to do its job. However, your Aanval is pointing to another database completely. This is important because from the tables command you showed, the Aanval database does not contain a table called "event", so Aanval does not know what or where to query the event data.

Did you run this against snortdb:

select * from event limit 5;

What did it return?

What is the db connection string in your barnyard2.conf? (remove private data).

YM

From: SGierczak at ...16714...
To: snort at ...15979...
CC: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] AANVAL or MYSQL question
Date: Thu, 17 Apr 2014 11:45:45 +0000

From my understanding, Barnyard is supposed to take the information that Snort collects and populate the snortdb (which I see nothing in the snortdb) and then aanval should present from that?? I think the issue is that barnyard is not populating?

From: Y M [mailto:snort at ...15979...]
Sent: Wednesday, April 16, 2014 2:57 PM
To: Gierczak, Stan
Cc: snort-users
Subject: RE: [Snort-users] AANVAL or MYSQL question

Shouldn't the Database Name point to Aanval's own database (aanvaldb)? From your previous post there seem to be lots of tables that Aanval depends on.

YM

From: SGierczak at ...16714...
To: wkitty42 at ...14940...; snort-users at lists.sourceforge.net
Date: Wed, 16 Apr 2014 19:34:51 +0000
Subject: Re: [Snort-users] AANVAL or MYSQL question

That was from aanval configuration/snort module settings.

-----Original Message-----
From: waldo kitty [mailto:wkitty42 at ...14940...]
Sent: Wednesday, April 16, 2014 2:25 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] AANVAL or MYSQL question

On 4/16/2014 2:18 PM, Gierczak, Stan wrote:
> So,  do I need to be concerned with:
> 
> Description: [inline image image001.png, not reproduced in the archive]
> 
> Also how can I see if the db is getting data into it?
 
where are you seeing that? what application are you looking at?
 
some thoughts:
 
do you have spaces in the database name?
do you have mixed-case characters in the database name?
what OS is the database running on? some are sensitive to mixed-case filenames...
 
 
--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
 
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download
 your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
 
Please visit 
http://blog.snort.org to stay current on all the latest Snort news!


