Snort mailing list archives
Snort PCAP FRAMES Query
From: Michael Sloan <sloan () caps fsu edu>
Date: Fri, 30 Apr 2010 12:01:35 -0400
I'm still having fits with my Snort/Barnyard2/BASE/mySQL installation under SUSE Linux Enterprise 11, and decided to recompile Snort with

    --with-mysql --with-mysql-libraries=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql

to see if possibly some of my issues might go away - things like only seeing SSH Protocol Mismatch as the only reported error (I cleared the records in BASE before starting with the newly compiled snort binary) and links to information at snortid.com not even being in the format used at that site. I see an entry of the form 128-4, whereas snortid.com uses an X:YYYY format. Using Snort 2.8.5.3, BASE-1.4.5, and Barnyard2-1.8...

What I noticed in the logs when I started snort is "Not using PCAP FRAMES". Would this account for why attempting to drill down and look at the packet information displayed an error? If so, where is this enabled?

I start snort with the following command line:

    /usr/local/bin/snort -i eth0 -c /etc/snort/snort.conf -d -D -u snort

My output line in snort.conf is:

    output unified2: filename snort.log, limit 128

And my barnyard2.conf output line is:

    output database: alert, mysql, user=snort password=WildlySecretPassword dbname=snort host=localhost

mySQL seems to be set up correctly, with 16+ tables in the snort database and the user snort@localhost being able to authenticate to the database.

I'm not sure where to go next in dealing with these problems. Any suggestions or recommendations would be greatly appreciated.

--
Michael Sloan
Systems Administrator
FSU Center for Advanced Power Systems
sloan () caps fsu edu