[Snort-users] barnyard failing to start upon pulled pork update

wgm-it at at ...17484...
Fri Apr 8 10:51:23 EDT 2016


Hi,

I have some problems starting Barnyard2 with a new Snort 2.9.8.2 installation.

Step 1

sudo /usr/local/bin/snort -u snort -g snort -c /etc/snort/snort.conf -i eth0 -D

OK

Step 2

sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort -D

OK

Step 3

mysql -u snort -p -D snort -e "select count(*) from event"

OK - the number of MySQL events increases (e.g. after ping)

Step 4

Kill snort process

Kill barnyard2 process

Step 5

sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l

Errors when generating Stub Rules

Step 6

sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort -D

barnyard2 hangs for 2 minutes

Step 7

mysql -u snort -p -D snort -e "select count(*) from event"

The number of MySQL events remains constant (e.g. after ping)

Thanks a lot in advance for your cooperation.

Best regards

Alexej Teplitsky

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 1. barnyard2_log before rules update.txt
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160408/65c3023a/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 2. barnyard2_log after rules update.txt
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160408/65c3023a/attachment-0001.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 3. pulledpork_log.txt
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160408/65c3023a/attachment-0002.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 4. snort.conf
Type: application/octet-stream
Size: 27044 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160408/65c3023a/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 5. barnyard2.conf
Type: application/octet-stream
Size: 11629 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160408/65c3023a/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 6. pulledpork.conf
Type: application/octet-stream
Size: 10453 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160408/65c3023a/attachment-0002.obj>

