[Snort-users] Barnyard2 launching problem

Marcin Dulak marcin.dulak at ...11827...
Tue Feb 21 19:42:37 EST 2017


On Wed, Feb 22, 2017 at 12:46 AM, Abdullah AL-Mutairy <
abohabeeb1412 at ...11827...> wrote:

>
> Hello everyone ..
>
> I've been trying to make snort work with MySQL for almost a month
>

The old tools like barnyard2, snorby, sguil etc. are no longer maintained.
Maybe try https://securityonion.net/


> but I keep getting errors in each step > look for a solution then bypass
> the problem.
>
> I'm following this guide here:
> http://computer-outlines.over-blog.com/article-nids-snort-barnyard2-apache2-base-with-ubuntu-14-04-lts-123532107.html
>
> And now I'm stuck at "launching barnyard2" step! When I do the command:
>

Where has barnyard2 been installed?
which barnyard2


> sudo /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d
> /var/log/snort -f snort.log -w /var/log/barnyard2/bylog.waldo -C
> /etc/snort/classification.config
>
> I get an error because /usr/local/bin/ is empty.
>
> The guide is good and clear but I have a feeling that it might be missing
> some small parts like DAQ package, is that right?
>
> All I wanted is to read the snort logs!
>

Barnyard is not needed for reading the logs. Assuming you have a unified2 log,
https://github.com/jasonish/py-idstools will do; see
http://seclists.org/snort/2017/q1/11

Marcin


> But couldn't make it work!
>
> Please help me >_<
>
> Your help is much appreciated
> . . . . .
>


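As an added illustration of the point in the reply above that barnyard2 is not required to read the logs (this is not code from the thread or from py-idstools): a standard-library Python reader for the IPv4 event records in a unified2 file. The function names and the sample bytes are constructed for the example; the layout is the Snort 2.x unified2 record header followed by the legacy IPv4 event structure.

```python
import socket
import struct

HEADER = struct.Struct(">II")  # record type, record length (big-endian)
# Body of the legacy IPv4 event record (type 7), 52 bytes.
EVENT_V4 = struct.Struct(">IIIIIIIII4s4sHHBBBB")
EVENT_FIELDS = ("sensor_id event_id event_second event_microsecond signature_id "
                "generator_id signature_revision classification_id priority "
                "src_ip dst_ip sport_itype dport_icode protocol impact_flag "
                "impact blocked").split()
# Type 104 (IPv4 event, v2) begins with the same 52 bytes, then MPLS/VLAN.
IPV4_EVENT_TYPES = {7, 104}


def read_events(data):
    """Yield IPv4 event dicts from unified2 bytes; skip other record types."""
    offset = 0
    while offset + HEADER.size <= len(data):
        rtype, length = HEADER.unpack_from(data, offset)
        body = offset + HEADER.size
        if body + length > len(data):
            break  # truncated tail: Snort may still be writing the file
        if rtype in IPV4_EVENT_TYPES and length >= EVENT_V4.size:
            event = dict(zip(EVENT_FIELDS, EVENT_V4.unpack_from(data, body)))
            event["src_ip"] = socket.inet_ntoa(event["src_ip"])
            event["dst_ip"] = socket.inet_ntoa(event["dst_ip"])
            yield event
        offset = body + length


def summarize(ev):
    """One line per alert: gid:sid:rev, then the flow."""
    return ("{generator_id}:{signature_id}:{signature_revision} "
            "{src_ip}:{sport_itype} -> {dst_ip}:{dport_icode}".format(**ev))


def build_sample():
    """Constructed input: an event, a packet record (type 2), a cut-off event."""
    event = EVENT_V4.pack(1, 1, 1487724157, 0, 1000001, 1, 1, 0, 3,
                          socket.inet_aton("192.0.2.10"),
                          socket.inet_aton("198.51.100.5"), 51515, 80, 6, 0, 0, 0)
    return (HEADER.pack(7, len(event)) + event
            + HEADER.pack(2, 28) + b"\x00" * 28
            + HEADER.pack(7, 52) + b"\x00" * 10)


if __name__ == "__main__":
    for ev in read_events(build_sample()):
        print(summarize(ev))
```

For a real log, pass the bytes of the unified2 file (opened in binary mode) to `read_events`; py-idstools additionally decodes the packet, IPv6 and extra-data records that this reader skips.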