<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I got the following (see below). Aanvaldb was created as part of the install instructions that I followed when Aanval was installed; snortdb was created as
 part of the instructions for the Snort install. The schema for snortdb was created from the Barnyard2 install. It seems that neither DB has any data. The alert file under eth0 does contain data (see below); it just seems that it is not getting into MySQL. The
 install instructions that I followed are:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a href="http://wiki.aanval.com/wiki/Community:Snort_2.9.2.3_Installation_Guide_for_Ubuntu_12.04,_with_Barnyard2,_Pulledpork,_and_Aanval">http://wiki.aanval.com/wiki/Community:Snort_2.9.2.3_Installation_Guide_for_Ubuntu_12.04,_with_Barnyard2,_Pulledpork,_and_Aanval</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks for your assistance.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">mysql> show databases<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">    -> ;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">+--------------------+<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| Database           |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">+--------------------+<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| information_schema |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| aanvaldb           |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| mysql              |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| performance_schema |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| snortdb            |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| test               |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">+--------------------+<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">6 rows in set (0.00 sec)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">mysql> use snortdb<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Reading table information for completion of table and column names<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">You can turn off this feature to get a quicker startup with -A<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Database changed<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">mysql> show tables<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">    -> ;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">+-------------------+<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| Tables_in_snortdb |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">+-------------------+<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| data              |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| detail            |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| encoding          |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| event             |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| icmphdr           |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| iphdr             |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| opt               |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| reference         |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| reference_system  |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| schema            |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| sensor            |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| sig_class         |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| sig_reference     |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| signature         |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| tcphdr            |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| udphdr            |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">+-------------------+<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">16 rows in set (0.00 sec)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">mysql> use aanvaldb<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Reading table information for completion of table and column names<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">You can turn off this feature to get a quicker startup with -A<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Database changed<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">mysql> show tables;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">+------------------------------------+<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| Tables_in_aanvaldb                 |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">+------------------------------------+<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsActionMaster                    |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsActionStore                     |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsCollection                      |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsCollectionStore                 |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore                       |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_1000_Events           |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_1000_Master           |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_1000_Review_Index     |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_1000_Tag_Index        |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_1000_Text             |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_1000_Text_Index       |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_1000_Timescale        |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_TEMPLATE_Events       |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_TEMPLATE_Master       |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_TEMPLATE_Review_Index |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_TEMPLATE_Tag_Index    |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_TEMPLATE_Text         |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_TEMPLATE_Text_Index   |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDataStore_TEMPLATE_Timescale    |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDeviceAddresses                 |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDeviceMeta                      |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDeviceServices                  |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDeviceTypes                     |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsDevices                         |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsEmail                           |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsGeoCache                        |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsGeoData                         |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsGeoLocation                     |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsHostnames                       |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsImportFilters                   |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsLicense                         |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsMessageQueue                    |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsModules                         |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsNetworks                        |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsNotes                           |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsOps                             |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsQueries                         |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsReconnaissanceResults           |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsReportSchedule                  |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsSensor                          |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsSensorManage                    |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsSensorManageMessages            |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsSensorPolicy                    |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsSignaturePolicyIndex            |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsSignatureSources                |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsSignatures                      |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsSyslogModule                    |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsTags                            |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsTimezones                       |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsUserMessages                    |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">| idsUsers                           |<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">+------------------------------------+<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">51 rows in set (0.00 sec)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">-rw-r--r-- 1 root  root  46367479 Apr 16 14:21 alert<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">04/16-14:19:59.243731  [**] [3:19187:3] BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt [**] [Classification: Attempted User Privilege Gain]
 [Priority: 1] {UDP} 8.8.8.8:53 -> 107.0.43.250:58557<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">04/16-14:19:59.250812  [**] [3:21355:2] BAD-TRAFFIC potential dns cache poisoning attempt - mismatched txid [**] [Classification: Attempted Information Leak]
 [Priority: 2] {UDP} 8.8.8.8:53 -> 107.0.43.250:58841<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">04/16-14:19:59.610969  [**] [3:19187:3] BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt [**] [Classification: Attempted User Privilege Gain]
 [Priority: 1] {UDP} 8.8.8.8:53 -> 107.0.43.250:51590<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">04/16-14:19:59.654224  [**] [3:19187:3] BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt [**] [Classification: Attempted User Privilege Gain]
 [Priority: 1] {UDP} 8.8.8.8:53 -> 107.0.43.250:64686<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">04/16-14:19:59.655229  [**] [3:19187:3] BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt [**] [Classification: Attempted User Privilege Gain]
 [Priority: 1] {UDP} 8.8.8.8:53 -> 107.0.43.250:60128<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">04/16-14:19:59.657639  [**] [3:19187:3] BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt [**] [Classification: Attempted User Privilege Gain]
 [Priority: 1] {UDP} 8.8.8.8:53 -> 107.0.43.250:62473<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
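<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Added example (editor's code; not from this thread and not part of Snort, Barnyard2 or Aanval): a small Python script that performs the two checks discussed in this message and in YM's reply quoted below. It parses alert lines in Snort's alert_fast format, like the six quoted above, into gid/sid, classification, protocol and addresses and counts them, then runs the row-count and newest-event queries against the Barnyard2 <code>sensor</code> and <code>event</code> tables and turns the result into a verdict. Two points worth keeping in mind: the text <code>alert</code> file is written by Snort's own alert output, while Barnyard2 reads unified2 files, so a growing <code>alert</code> file shows that Snort is detecting, not that unified2 output is configured or that Barnyard2 is consuming it. And on startup Barnyard2's database output looks up or inserts its own row in <code>sensor</code>, so an empty <code>sensor</code> table means Barnyard2 never reached the database, while a sensor row with an empty <code>event</code> table points at the unified2 side. Assumptions: the <code>sensor</code> and <code>event</code> column names follow the Snort/Barnyard2 <code>create_mysql</code> schema; the in-memory SQLite database, the extra ICMP alert line (a local rule number) and the stray non-alert line are constructed for the demo; the hostname and interface come from the log line and path in the thread; <code>check_event_ingest</code> takes any DB-API connection, so against a real snortdb a MySQLdb or pymysql connection can be passed instead.</span></p>

```python
import re
import sqlite3
from collections import Counter

# One Snort alert_fast line (IPv4; ports are absent for ICMP):
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src[:sport] -> dst[:dport]
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"  # absent for rules without a classtype
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[^\s:]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[^\s:]+)(?::(?P<dport>\d+))?$"
)

# Constructed sample: the six lines quoted in the thread (each rejoined onto one line), a made-up
# local rule (sid >= 1000000) hit on ICMP with no ports, a blank line, and one non-alert line.
SAMPLE_ALERT_LINES = [
    "04/16-14:19:59.243731  [**] [3:19187:3] BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {UDP} 8.8.8.8:53 -> 107.0.43.250:58557",
    "04/16-14:19:59.250812  [**] [3:21355:2] BAD-TRAFFIC potential dns cache poisoning attempt - mismatched txid [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 8.8.8.8:53 -> 107.0.43.250:58841",
    "04/16-14:19:59.610969  [**] [3:19187:3] BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {UDP} 8.8.8.8:53 -> 107.0.43.250:51590",
    "04/16-14:19:59.654224  [**] [3:19187:3] BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {UDP} 8.8.8.8:53 -> 107.0.43.250:64686",
    "04/16-14:19:59.655229  [**] [3:19187:3] BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {UDP} 8.8.8.8:53 -> 107.0.43.250:60128",
    "04/16-14:19:59.657639  [**] [3:19187:3] BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {UDP} 8.8.8.8:53 -> 107.0.43.250:62473",
    "04/16-14:20:01.000000  [**] [1:1000001:1] LOCAL icmp test rule [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 107.0.43.250",
    "",
    "Waiting for new data",  # constructed: not an alert line, must be counted as unparsed
]


def parse_fast_alert(line):
    """Parse one alert_fast line into a dict; return None for anything else."""
    m = FAST_ALERT_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        rec[key] = int(rec[key])
    for key in ("sport", "dport"):
        rec[key] = None if rec[key] is None else int(rec[key])
    return rec


def summarize_alert_file(lines):
    """Count alerts per (gid, sid) and per classification; also count non-empty
    lines that did not parse, so a format surprise is not silently dropped."""
    by_rule, by_class, total, unparsed = Counter(), Counter(), 0, 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_fast_alert(line)
        if rec is None:
            unparsed += 1
            continue
        total += 1
        by_rule[(rec["gid"], rec["sid"])] += 1
        by_class[rec["cls"] or "(none)"] += 1
    return {"total": total, "unparsed": unparsed, "by_rule": by_rule, "by_class": by_class}


# Minimal cut of the Snort/Barnyard2 create_mysql schema in SQLite types, so the demo runs
# offline: Barnyard2 registers itself in `sensor` and writes one `event` row per alert.
SCHEMA_SQL = """
CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT, filter TEXT,
                     detail INTEGER, encoding INTEGER, last_cid INTEGER NOT NULL);
CREATE TABLE event  (sid INTEGER NOT NULL, cid INTEGER NOT NULL, signature INTEGER NOT NULL,
                     timestamp TEXT NOT NULL, PRIMARY KEY (sid, cid));
"""


def check_event_ingest(conn):
    """Run the thread's checks (sensor rows, event count, newest event) on any
    DB-API connection to the Snort schema and return them with a verdict."""
    cur = conn.cursor()
    cur.execute("SELECT sid, hostname, interface, last_cid FROM sensor")
    sensors = cur.fetchall()
    cur.execute("SELECT COUNT(*), MAX(timestamp) FROM event")
    n_events, last_ts = cur.fetchone()
    if not sensors:
        verdict = "no sensor row: barnyard2 has never registered with this database"
    elif n_events == 0:
        verdict = "sensor registered but no events: check unified2 output and the spool barnyard2 reads"
    else:
        verdict = "events are arriving"
    return {"sensors": sensors, "events": n_events, "last_event": last_ts, "verdict": verdict}


def build_demo_db(with_sensor, with_events):
    """Constructed in-memory stand-in for snortdb in one of three states."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA_SQL)
    if with_sensor:  # hostname and interface taken from the log line and path in the thread
        conn.execute("INSERT INTO sensor VALUES (1, 'rlicsnortids1', 'eth0', NULL, 1, 1, 0)")
    if with_events:
        conn.executemany("INSERT INTO event VALUES (?, ?, ?, ?)",
                         [(1, 1, 19187, "2014-04-16 14:19:59"), (1, 2, 21355, "2014-04-16 14:19:59")])
    conn.commit()
    return conn


if __name__ == "__main__":
    s = summarize_alert_file(SAMPLE_ALERT_LINES)
    print(s["total"], "alerts,", s["unparsed"], "unparsed;", s["by_rule"].most_common())
    for state in ((False, False), (True, False), (True, True)):
        print(check_event_ingest(build_demo_db(*state))["verdict"])
```

<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Run as-is it prints the alert-file summary and the verdict for the three database states (no sensor, sensor but no events, events present). To check a live install, feed <code>summarize_alert_file</code> the lines of the <code>alert</code> file under /var/log/snort/eth0 and pass <code>check_event_ingest</code> a MySQL connection to snortdb in place of <code>build_demo_db(...)</code>; the queries use no driver-specific syntax. If the alert count keeps growing while the event count stays at zero, the gap is between Snort's unified2 output and Barnyard2, not in the database.</span></p>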
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Y M [mailto:snort@...15979...]
<br>
<b>Sent:</b> Wednesday, April 16, 2014 1:52 PM<br>
<b>To:</b> Gierczak, Stan<br>
<b>Cc:</b> snort-users<br>
<b>Subject:</b> RE: [Snort-users] AANVAL or MYSQL question<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">How did you set up the database? Was it Aanval, or did you use the schema file that comes with Barnyard2?<br>
 <br>
From the command line (or your MySQL GUI), log in to MySQL:<br>
mysql -u [user] -p<br>
You will be prompted for the password.<br>
 <br>
Type:<br>
show databases;<br>
 <br>
This should show all of the available database instances. If you know the database name, type:<br>
 <br>
use [databaseName];<br>
show tables;<br>
select * from [tableName] limit 5;<br>
 <br>
The above will allow you to select the database you specify, enumerate its tables, then query 5 records from a table you specify. Look for the "event" table. This may be different in your case, as I am not familiar with the Aanval schema or its internal naming
 conventions.<br>
 <br>
YM<br>
 <o:p></o:p></span></p>
<div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri","sans-serif"">
<hr size="2" width="100%" align="center" id="stopSpelling">
</span></div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-family:"Calibri","sans-serif"">From: SGierczak@...16793.....<br>
To: snort@...15979...<br>
CC: snort-users@lists.sourceforge.net<br>
Subject: RE: [Snort-users] AANVAL or MYSQL question<br>
Date: Wed, 16 Apr 2014 18:18:32 +0000<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">So, do I need to be concerned with:</span><span style="font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><img border="0" width="608" height="116" id="ecxPicture_x0020_1" src="cid:image001.png@...843.....16795..." alt="Description: cid:image001.png@...16789..."></span><span style="font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span style="font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Also how can I see if the db is getting data into it?</span><span style="font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span style="font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span style="font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Y M [mailto:snort@...15979...]
<br>
<b>Sent:</b> Wednesday, April 16, 2014 12:03 PM<br>
<b>To:</b> Gierczak, Stan<br>
<b>Cc:</b> snort-users<br>
<b>Subject:</b> RE: [Snort-users] AANVAL or MYSQL question</span><span style="font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">>The only error I see is about WALDO.  Not sure if that is an issue or not.<br>
 <br>
This is a warning rather than an error. Barnyard2 will check if the waldo file exists; if it does not, then Barnyard2 will warn you about it and create the waldo file for you. <br>
 <br>
>Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: Waiting for new data<br>
 <br>
This means that Barnyard2 is up and running and waiting for u2 data to read.<br>
 <br>
YM<br>
 <o:p></o:p></span></p>
<div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri","sans-serif"">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">From: SGierczak@...16714...<br>
To: snort-users@lists.sourceforge.net<br>
Date: Wed, 16 Apr 2014 15:19:25 +0000<br>
Subject: [Snort-users] AANVAL or MYSQL question<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">I have just finished installing snort/barnyard/aanval.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">I can see that snort is working.  I see messages queuing in the alert file in /var/log/snort/eth0.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Not sure if barnyard is not populating mysql or if aanval is not working.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">I got this message in aanval under configuration/snort module settings:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""><img border="0" width="608" height="116" id="_x0000_i1028" src="https://image001.png@...16792..."><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">I verified that the db is correct as is the user name and password.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">I have this in the syslog for when barnyard loads:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:01 rlicsnortids1 barnyard2[1456]: Running in Continuous mode<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:01 rlicsnortids1 barnyard2[1456]:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:01 rlicsnortids1 barnyard2[1456]:         --== Initializing Barnyard2 ==--<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:01 rlicsnortids1 barnyard2[1456]: Initializing Input Plugins!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:01 rlicsnortids1 barnyard2[1456]: Initializing Output Plugins!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:01 rlicsnortids1 barnyard2[1456]: Parsing config file "/etc/snort/barnyard.conf"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1456]: Log directory = /var/log/snort/eth0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1456]: Initializing daemon mode<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1456]: Daemon parent exiting<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: Daemon initialized, signaled parent pid: 1456<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: PID path stat checked out ok, PID path set to /var/run/<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: Writing PID "1457" to file "/var/run//barnyard2_NULL.pid"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database: compiled support for (mysql)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database: configured to use mysql<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database: schema version = 107<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database:           host = localhost<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database:           user = snort_user<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database:  database name = snortdb<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database:    sensor name = rlicsnortids1:NULL<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database:      sensor id = 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database:     sensor cid = 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database:  data encoding = hex<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database:   detail level = full<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database:     ignore_bpf = no<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: database: using the "log" facility<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]:         --== Initialization Complete ==--<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: Barnyard2 initialization completed successfully (pid=1457)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: WARNING: Unable to open waldo file '/var/log/snort/eth0/barnyard2.waldo' (No such file or directory)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: Opened spool file '/var/log/snort/eth0/snort.log.1397656582'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: Closing spool file '/var/log/snort/eth0/snort.log.1397656582'. Read 0 records<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: Opened spool file '/var/log/snort/eth0/snort.log.1397658954'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Apr 16 09:36:04 rlicsnortids1 barnyard2[1457]: Waiting for new data<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">The only error I see is about WALDO.  Not sure if that is an issue or not.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Again thanks everyone for all the help.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""><br>
_______________________________________________ Snort-users mailing list <a href="mailto:Snort-users@lists.sourceforge.net">
Snort-users@lists.sourceforge.net</a> Go to this URL to change user options or unsubscribe:
<a href="https://lists.sourceforge.net/lists/listinfo/snort-users" target="_blank">
https://lists.sourceforge.net/lists/listinfo/snort-users</a> Snort-users list archive:
<a href="http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users" target="_blank">
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users</a> Please visit
<a href="http://blog.snort.org" target="_blank">http://blog.snort.org</a> to stay current on all the latest Snort news!<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>