[Snort-users] Barnyard2 doesn't read alerts
daniele.gallarato at ...7874...
Thu Feb 13 11:08:58 EST 2014
I've installed snort with barnyard2 (that log into mysql) and aanval, but I
can't view any alerts.
I've searched for some days into the Internet, but with no luck.
My installation is onto Ubuntu 12.04.4 LTS.
Snort version is 126.96.36.199 GRE (Build 47).
Barnyard2 is 2.1.9 (Build 263).
Into snort.conf I've configured:
output unified2: filename snort.log, limit 128
Barnyard2 run as:
barnyard2 -D -c /etc/*snort*/barnyard.conf -d /var/log/*snort*/eth1 -w
/var/log/*snort*/eth1/barnyard2.waldo -l /var/log/*snort*/eth1 -a /var/log/
*snort*/eth1/archive -f *snort*.log -X /var/lock/barnyard2-eth1.pid
If I start barnyard2 interactive, I get:
--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard.conf"
Log directory = /var/log/snort/eth1
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database: host = localhost
database: user = snort
database: database name = snortdb
database: sensor name = snort:eth1
database: sensor id = 2
database: sensor cid = 1
database: data encoding = hex
database: detail level = full
database: ignore_bpf = no
database: using the "log" facility
--== Initialization Complete ==--
______ -*> Barnyard2 <*-
/ ,,_ \ Version 2.1.9 (Build 263)
|o" )~| By the SecurixLive.com Team: http://www.securixlive.com/about.php
+ '''' + (C) Copyright 2008-2010 SecurixLive.
Snort by Martin Roesch & The Snort Team:
(C) Copyright 1998-2007 Sourcefire Inc., et al.
WARNING: Unable to open waldo file '/var/log/snort/eth1/barnyard2.waldo'
(No such file or directory)
Opened spool file '/var/log/snort/eth1/snort.log.1392303363'
Waiting for new data
Folder /var/log/snort/eth1/ has right permissions, and problem remains also
at second start.
snort.log.xx is populated properly by snort
mysql db is ok, if I change user or password into barnyard2 configuration,
it stop with an error.
Any suggestions will be appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users