Snort mailing list archives
Re: Install Snort on Ubuntu with mysql and SnortReports
From: "Castle, Shane" <scastle () bouldercounty org>
Date: Wed, 10 Nov 2010 09:10:33 -0700
Hard to say. We'd have to look at your (snort|barnyard).conf files.

Also, all the junk you are putting on the command line for the barnyard options can be put into a config file. Look at this from one of my barnyard2 config files (some info deleted):

config logdir: /var/snort/barnyard-eth2
config waldo_file: /var/snort/barnyard-eth2/waldo
config reference_file: /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file: /etc/snort/gen-msg.map
config sid_file: /etc/snort/sid-msg.map
config sid_file: /etc/snort/rules/emerging-sid-msg.map
config sid_file: /etc/snort/local-sid-msg.map
config alert_with_interface_name
config alert_on_each_packet_in_stream
config daemon
config set_gid: IDS
config set_uid: snort
config decode_data_link
config dump_payload_verbose
config show_year
config umask: 002
config process_new_records_only
input unified2
output database: alert, mysql, dbname=XXXXXX user=XXXXXXXX host=localhost password=XXXXXXXX

--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH

-----Original Message-----
From: Atkins, Dwane P [mailto:ATKINSD () uthscsa edu]
Sent: Wednesday, November 10, 2010 08:45
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Install Snort on Ubuntu with mysql and SnortReports

I am still working at this. I am not sure I am reporting to the mysql database at this point. Is this proper:

snorttest@Wilbur:~$ ps -aux | grep snort
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
snort 1681 0.0 4.0 188532 126048 ? Ss Nov09 0:02 /usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth0
root 1683 0.0 0.0 5324 1244 ? Ss Nov09 0:02 /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -D
root 2236 0.0 0.1 8936 3124 ? Ss 09:28 0:00 sshd: snorttest [priv]
1000 2308 0.0 0.0 8936 1520 ? S 09:28 0:00 sshd: snorttest@pts/0
1000 2362 0.0 0.0 4012 756 pts/0 S+ 09:43 0:00 grep --color=auto snort

I just need to see some packets in the mysql dump. Any help would be appreciated at this point. Thank you all for your help yesterday.

Dwane
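Added example, not part of the original messages and not barnyard2's own code: a small Python check that parses a barnyard2 config in the format quoted above and reports whether it contains the "output database" and "input unified2" lines that alerts need to reach MySQL, and whether "config set_uid" is present. The function names, the choice of required parameters (dbname, user) and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample in the format quoted in the message; credentials are placeholders.
SAMPLE_CONF = """\
config waldo_file: /var/snort/barnyard-eth2/waldo
config sid_file: /etc/snort/sid-msg.map
config sid_file: /etc/snort/local-sid-msg.map
config daemon
config set_uid: snort
input unified2
output database: alert, mysql, dbname=XXXXXX user=XXXXXXXX host=localhost password=XXXXXXXX
"""

def parse_barnyard_conf(text):
    """Return ({key: [values]}, [inputs], [(plugin, args)]); repeated keys are kept."""
    config, inputs, outputs = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and comments
            continue
        kind, _, rest = line.partition(" ")
        if kind == "config":
            key, _, value = rest.partition(":")
            config.setdefault(key.strip(), []).append(value.strip())
        elif kind == "input":
            inputs.append(rest.strip())
        elif kind == "output":
            plugin, _, args = rest.partition(":")
            outputs.append((plugin.strip(), args.strip()))
    return config, inputs, outputs

def audit(text):
    """Return findings about database output, unified2 input and privilege drop."""
    config, inputs, outputs = parse_barnyard_conf(text)
    findings = []
    db_args = [args for plugin, args in outputs if plugin == "database"]
    if not db_args:
        findings.append("no 'output database' line in this file")
    for args in db_args:
        params = dict(re.findall(r"(\w+)=(\S+)", args))
        missing = [k for k in ("dbname", "user") if k not in params]
        if missing:
            findings.append("output database lacks: " + ", ".join(missing))
        if "password" in params:
            findings.append("plaintext DB password: restrict read access to this file")
    if "unified2" not in inputs:
        findings.append("no 'input unified2' line")
    if "set_uid" not in config:
        findings.append("no 'config set_uid': process keeps the user it was started as")
    return findings
```

Calling audit() on the text of the barnyard2.conf named in the ps output returns an empty list only when the file has both lines and sets a user to run as.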