[Snort-users] barnyard with snort

Davison, Charles Robert cdaviso1 at ...17214...
Fri Sep 25 15:31:20 EDT 2015


Robert,

I am traveling all day today, but can send you some documents tomorrow. The document covers how to install by2 for Ubuntu 14.04 LTS. I gave Mike a .pdf that covers a complete install. If he can send it today, that would work. If not, I can send you something tomorrow.


_____________________________
From: Farnsworth, Robert <robert.farnsworth at ...17317...>
Sent: Friday, September 25, 2015 8:46 AM
Subject: [Snort-users] barnyard with snort
To: <snort-users at lists.sourceforge.net>


I submitted this before but did not receive an answer or resolution. Any help would be appreciated. Let me know if you need any other information.


I get the following error when starting barnyard2 - [CacheSynchronize()],INFO: No system was found in cache (from signature map file), will not process or synchronize informations found in the database

Also not getting any alerts in mysql database.

Below is the command I run for Barnyard.



[root at ...17119... snort]# /usr/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo&
[1] 12581
[root at ...17119... snort]# Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"


+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/barnyard2
INFO database: Defaulting Reconnect/Transaction Error limit to 10
INFO database: Defaulting Reconnect sleep time to 5 second

[CacheSynchronize()],INFO: No system was found in cache (from signature map file), will not process or synchronize informations found in the database

database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = snort_user
database:  database name = snortdb
database:    sensor name = localhost:eth2
database:      sensor id = 2
database:     sensor cid = 4
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
/ ,,_  \  Version 2.1.13 (Build 327)
|o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
+ '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy at ...14568...>

Using waldo file '/var/log/snort/barnyard.waldo':
    spool directory = /var/log/snort
    spool filebase  = snort.log
    time_stamp      = 1435349813
    record_idx      = 0
Waiting for new spool file

Thanks

Robert


