[Snort-users] No Alerts on snorby-barnyard2

Paraskevas Lampadas parislampadas at ...11827...
Wed Jan 11 04:47:17 EST 2017


I have successfully deployed snort-barnyard2-pulledpork-snorby on a Raspberry
Pi 3, but I have no alerts in the Snorby GUI nor in the Snorby database.

   1. I tried to reboot the server with no effect.
   2. I tried deleting all of snort's unified2 event logs and recreating the
   waldo file, also with no effect.

In

/etc/snort/barnyard2.conf

I have added the following line at the end:

output database: log, mysql, user=snorby password=password dbname=snorby host=localhost sensor_name=sensor1

With the top command I see 2 instances of barnyard2: one from user snort, and
one from root.

Here is my system log, obtained with

cat /var/log/syslog | grep barnyard

where I get a FATAL ERROR: Failed to Lock PID File
"/var/run//barnyard2_eth0.pid" for PID "5022".

Jan 10 23:19:29 raspberrypi-black barnyard2[4346]:
===============================================================================
Jan 10 23:19:29 raspberrypi-black barnyard2[4346]: Could not remove
pid file /var/run//barnyard2_eth0.pid: No such file or directory
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: Running in Continuous mode
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]:
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]:         --==
Initializing Barnyard2 ==--
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: Initializing Input Plugins!
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: Initializing Output Plugins!
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: Parsing config file
"/etc/snort/barnyard2.conf"
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: #012#012+[
Signature Suppress list ]+#012----------------------------
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: +[No entry in
Signature Suppress List]+
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]:
----------------------------#012+[ Signature Suppress list ]+
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: Barnyard2 spooler:
Event cache size set to [2048]
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: Log directory =
/var/log/barnyard2
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: INFO database:
Defaulting Reconnect/Transaction Error limit to 10
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: INFO database:
Defaulting Reconnect sleep time to 5 second
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: Initializing daemon mode
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Daemon initialized,
signaled parent pid: 4349
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: PID path stat
checked out ok, PID path set to /var/run/
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: FATAL ERROR: Failed
to Lock PID File "/var/run//barnyard2_eth0.pid" for PID "5022"
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Barnyard2 exiting
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: database: Closing
connection to database "snorby"
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:
===============================================================================
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Record Totals:
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:    Records:           0
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:    Events:
 0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:    Packets:
  0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:    Unknown:
  0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:    Suppressed:
     0 (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:
===============================================================================
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Packet breakdown by
protocol (includes rebuilt packets):
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:       ETH: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:   ETHdisc: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:      VLAN: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:      IPV6: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:   IP6 EXT: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:   IP6opts: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:   IP6disc: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:       IP4: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:   IP4disc: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:     TCP 6: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: Daemon parent exiting
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:     UDP 6: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:     ICMP6: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:   ICMP-IP: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:       TCP: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:       UDP: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:      ICMP: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:   TCPdisc: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:   UDPdisc: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:   ICMPdis: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:      FRAG: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:    FRAG 6: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:       ARP: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:     EAPOL: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:   ETHLOOP: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:       IPX: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:     OTHER: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:   DISCARD: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: InvChkSum: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:    S5 G 1: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:    S5 G 2: 0
  (0.000%)
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:     Total: 0
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:
===============================================================================
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Could not remove
pid file /var/run//barnyard2_eth0.pid: No such file or directory
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: Running in Continuous mode
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]:
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]:         --==
Initializing Barnyard2 ==--
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: Initializing Input Plugins!
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: Initializing Output Plugins!
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: Parsing config file
"/etc/snort/barnyard2.conf"
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: #012#012+[
Signature Suppress list ]+#012----------------------------
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: +[No entry in
Signature Suppress List]+
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]:
----------------------------#012+[ Signature Suppress list ]+

Can someone help?
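
An added example, not part of the original post: a small shell script that pulls the FATAL ERROR lines out of syslog-format barnyard2 output, pairs each daemon child with the parent PID it signaled, counts start attempts, and reports whether a PID file is missing, stale or held by a live process. The sample log lines are constructed from the ones quoted above (unwrapped), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage barnyard2 start-up failures from syslog-format lines.

# Constructed sample, modelled on the log in the post (lines unwrapped).
sample_log() {
cat <<'EOF'
Jan 10 23:19:30 raspberrypi-black barnyard2[4349]: Running in Continuous mode
Jan 10 23:28:59 raspberrypi-black barnyard2[4349]: Initializing daemon mode
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Daemon initialized, signaled parent pid: 4349
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: FATAL ERROR: Failed to Lock PID File "/var/run//barnyard2_eth0.pid" for PID "5022"
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]: Barnyard2 exiting
Jan 10 23:28:59 raspberrypi-black barnyard2[5022]:    Records:           0
Jan 10 23:29:00 raspberrypi-black barnyard2[5025]: Running in Continuous mode
EOF
}

# One line per fatal error: "<time> pid=<pid> parent=<ppid or -> <message>".
barnyard_fatals() {
  awk '
    match($0, /barnyard2\[[0-9]+\]: /) {
      pid = substr($0, RSTART + 10, RLENGTH - 13)   # digits between [ and ]
      msg = substr($0, RSTART + RLENGTH)            # text after "]: "
      if (msg ~ /signaled parent pid: /) {
        p = msg; sub(/.*signaled parent pid: /, "", p); parent[pid] = p + 0
      }
      if (msg ~ /^FATAL ERROR: /)
        print $1, $2, $3, "pid=" pid, "parent=" ((pid in parent) ? parent[pid] : "-"), msg
    }'
}

# Number of barnyard2 start attempts seen in the input.
barnyard_starts() {
  grep -c 'barnyard2\[[0-9]*\]: Running in Continuous mode'
}

# State of a PID file: missing, stale (no such process), or live:<pid>.
# Uses /proc rather than kill -0 so it also works for another user's process.
pidfile_state() {
  [ -f "$1" ] || { echo missing; return 0; }
  pid=$(tr -cd '0-9' < "$1")
  if [ -n "$pid" ] && [ -d "/proc/$pid" ]; then echo "live:$pid"; else echo stale; fi
}

sample_log | barnyard_fatals
echo "starts: $(sample_log | barnyard_starts)"
echo "pidfile: $(pidfile_state /var/run/barnyard2_eth0.pid)"
```

On a real system, feed it the actual log instead of the sample, for example `grep barnyard2 /var/log/syslog | barnyard_fatals`.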