[Snort-users] Barnyard2 doesn't read alerts

Daniele Gallarato daniele.gallarato at ...7874...
Thu Feb 13 11:08:58 EST 2014


Hello.
I've installed snort with barnyard2 (which logs into mysql) and aanval, but I
can't view any alerts.
I've searched the Internet for some days, but with no luck.
My installation is on Ubuntu 12.04.4 LTS.
Snort version is 2.9.6.0 GRE (Build 47).
Barnyard2 is 2.1.9 (Build 263).

In snort.conf I've configured:

output unified2: filename snort.log, limit 128

Barnyard2 is run as:

barnyard2 -D -c /etc/snort/barnyard.conf -d /var/log/snort/eth1 -w /var/log/snort/eth1/barnyard2.waldo -l /var/log/snort/eth1 -a /var/log/snort/eth1/archive -f snort.log -X /var/lock/barnyard2-eth1.pid

If I start barnyard2 interactively, I get:

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard.conf"
Log directory = /var/log/snort/eth1
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = snort
database:  database name = snortdb
database:    sensor name = snort:eth1
database:      sensor id = 2
database:     sensor cid = 1
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.9 (Build 263)
 |o"  )~|  By the SecurixLive.com Team: http://www.securixlive.com/about.php
 + '''' +  (C) Copyright 2008-2010 SecurixLive.

           Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.

WARNING: Unable to open waldo file '/var/log/snort/eth1/barnyard2.waldo' (No such file or directory)
Opened spool file '/var/log/snort/eth1/snort.log.1392303363'
Waiting for new data


The folder /var/log/snort/eth1/ has the right permissions, and the problem
also remains at the second start.

snort.log.xx is populated properly by snort.

The mysql db is ok; if I change the user or password in the barnyard2
configuration, it stops with an error.


Any suggestions will be appreciated.


Daniele Gallarato