[Snort-users] AANVAL or MYSQL question
wkitty42 at ...14940...
Mon Apr 21 20:20:40 EDT 2014
On 4/21/2014 1:54 PM, Gierczak, Stan wrote:
> Like I said. You are losing me a little. I am running barnyard as a startup when the system comes up, or by:
> service barnyard2 start/stop
ok... that helps... the only other thing is what the barnyard2 startup script
does BUT we shouldn't need that at this time...
> I believe that all the configuration then comes from the /usr/local/etc/barnyard2.conf.
> In that file are the following which are uncommented:
> config reference_file: /etc/snort/reference.config
> config classification_file: /etc/snort/classification.config
> config gen_file: /etc/snort/gen-msg.map
> config sid_file: /etc/snort/sid-msg.map
> config daemon
> input unified2
> output alert_fast: stdout
> output database: log, mysql, user=snort_user password=snortuser dbname=snortdb host=localhost
> When I stop and start barnyard, the following gets generated in the syslog file:
AFAIK, that all looks good...
> Apr 21 12:44:08 rlicsnortids1 barnyard2: Running in Continuous mode
> Apr 21 12:44:09 rlicsnortids1 barnyard2: Waiting for new data
this says that barnyard2 is waiting on snort to write data to the
snort.log.xxxxxxxxxxxx pcap files... this i'm not sure about... a default snort
creates pcap files with names like that but barnyard2 wants unified2 binary log
files... so what does your snort.conf file's output section look like, please?
there may be more than one entry... i forget what "Step" it is at the moment...
> Thanks for your help again.
all of us volunteers are here to help as and when we can ;)
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
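As an added example (not from this thread or from the Snort/barnyard2 projects), a small Python check for the mismatch wkitty42 describes: it looks at the first bytes of each spool file and reports whether it is a pcap capture (which barnyard2 cannot read) or a unified2 record stream (which it expects). The spool directory, file prefix and sample bytes are assumptions; the snort.conf and barnyard2 lines in the comments are the usual way to pair the two.

```python
import struct
from pathlib import Path

# pcap file magic (both byte orders, microsecond and nanosecond variants)
PCAP_MAGICS = {b"\xa1\xb2\xc3\xd4", b"\xd4\xc3\xb2\xa1",
               b"\xa1\xb2\x3c\x4d", b"\x4d\x3c\xb2\xa1"}
# unified2 record types from Snort's Unified2_common.h (type, length are big-endian u32)
UNIFIED2_TYPES = {2: "PACKET", 7: "IDS_EVENT", 72: "IDS_EVENT_IPV6",
                  104: "IDS_EVENT_VLAN", 105: "IDS_EVENT_IPV6_VLAN", 110: "EXTRA_DATA"}

def classify_spool(head: bytes) -> str:
    """Classify the first bytes of a spool file: 'pcap', 'unified2', 'empty' or 'unknown'."""
    if not head:
        return "empty"
    if head[:4] in PCAP_MAGICS:
        return "pcap"          # produced by 'output log_tcpdump' or 'snort -b'; barnyard2 cannot read this
    if len(head) < 8:
        return "unknown"
    rec_type, rec_len = struct.unpack("!II", head[:8])
    if rec_type in UNIFIED2_TYPES and 0 < rec_len <= 65535:
        return "unified2"      # what barnyard2's 'input unified2' expects
    return "unknown"

def check_spool_dir(directory: str, prefix: str) -> dict:
    """Map each file matching <prefix>* in directory to its classification."""
    results = {}
    for path in sorted(Path(directory).glob(prefix + "*")):
        with open(path, "rb") as fh:
            results[path.name] = classify_spool(fh.read(8))
    return results

# Constructed samples (not real captures): a little-endian pcap global header start,
# and a unified2 IDS_EVENT record header (type 7, length 52) followed by a blank body.
SAMPLE_PCAP_HEAD = b"\xd4\xc3\xb2\xa1\x02\x00\x04\x00"
SAMPLE_UNIFIED2_HEAD = struct.pack("!II", 7, 52) + b"\x00" * 52

if __name__ == "__main__":
    # If every file comes back 'pcap', snort.conf needs a unified2 output, e.g.
    #   output unified2: filename snort.u2, limit 128
    # and barnyard2 should be pointed at the same prefix, e.g.
    #   barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2
    for name, kind in check_spool_dir("/var/log/snort", "snort.").items():  # assumed paths
        print(f"{name}: {kind}")
```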