Snort mailing list archives

Re: Remote sensor startup issue.


From: "mdpeters" <michael.peters () lazarusalliance com>
Date: Wed, 16 Feb 2005 07:37:27 -0500

Thanks for the explanation. I did resolve the startup issue. Chalk it up to Fedora Core weirdness. I've built dozens of Snort boxes and this would be the very first startup script issue I have had.


----- Original Message ----- From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
To: "mdpeters" <michael.peters () lazarusalliance com>
Cc: <snort-users () lists sourceforge net>
Sent: Wednesday, February 16, 2005 5:15 AM
Subject: Re: [Snort-users] Remote sensor startup issue.




--On 15 February 2005 08:12 -0500 mdpeters <michael.peters () lazarusalliance com> wrote:

> Are you suggesting that a remote Snort sensor can not send alerts to a
> central Snort MySQL system?

It can, but as it's not multithreaded, if the database slows down, snort will start dropping (i.e. ignoring, rather than blocking) traffic.

> It seems to me that all I need to do is resolve the startup malfunction.
> It logs just fine when I manually fire the remote sensor up.
>
> I have no experience with Barnyard. Would I run a MySQL database on the
> sensor and use Barnyard to send alerts to the central system?

No. Snort logs to a unified log file, barnyard picks up new entries and sends them to the database server. The database server and barnyard can be on the same host, or different hosts. Barnyard and Snort must be on the same machine (unless you use NFS or something to share out the log directory... ewwww...)

To return to your original problem, though, what user is attempting to start snort at system boot? Do they have read access to all the snort config files? What error messages are given? (they might be in /var/log/messages or similar).

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
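
The read-access question raised in the reply above can be checked without switching accounts. The following is an added example, not code from either poster or from the Snort project: it follows the `var` and `include` lines of a snort.conf and reports which files the mode bits deny to a given uid/gid. The sample files, the hypothetical service account, and the assumption that relative includes resolve against the directory of snort.conf are all constructed for the demonstration.

```python
import os, re, stat, tempfile

def readable_by(path, uid, gids):
    """True if the mode bits on path grant read access to uid/gids (root always passes)."""
    st = os.stat(path)
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def config_files(conf):
    """Return conf plus every file it pulls in via 'include', expanding 'var' values."""
    base, variables, found = os.path.dirname(conf), {}, [conf]
    with open(conf) as fh:
        for line in fh:
            parts = line.split("#", 1)[0].split()  # drop trailing comments
            if len(parts) == 3 and parts[0] == "var":
                variables[parts[1]] = parts[2]
            elif len(parts) == 2 and parts[0] == "include":
                path = re.sub(r"\$(\w+)",
                              lambda m: variables.get(m.group(1), m.group(0)), parts[1])
                found.append(os.path.normpath(os.path.join(base, path)))
    return found

def unreadable(conf, uid, gids):
    """List config files that are missing or not readable by the given account."""
    return [p for p in config_files(conf)
            if not os.path.exists(p) or not readable_by(p, uid, gids)]

def demo():
    """Constructed sample: a snort.conf whose local.rules is owner-only (0600)."""
    d = tempfile.mkdtemp()
    os.mkdir(os.path.join(d, "rules"))
    files = {"snort.conf": "var RULE_PATH rules\ninclude classification.config\n"
                           "include $RULE_PATH/local.rules  # site rules\n",
             "classification.config": "", "rules/local.rules": ""}
    for name, body in files.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(body)
        os.chmod(os.path.join(d, name), 0o644)
    os.chmod(os.path.join(d, "rules", "local.rules"), 0o600)
    st = os.stat(d)
    # Hypothetical service account: a uid/gid different from the files' owner.
    return d, unreadable(os.path.join(d, "snort.conf"), st.st_uid + 1, {st.st_gid + 1})

if __name__ == "__main__":
    print(demo()[1])
```

The check reads only the mode bits of each file, so directory search permissions, ACLs and SELinux policy still need to be checked separately.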

