Snort mailing list archives
Re: Sguil 8 and Barnyard2 beta
From: James Lay <jlay () slave-tothe-box net>
Date: Sun, 10 Jul 2011 08:36:35 -0600
Thanks Bamm and Firnsy....been going step by step and installing and configuring the sensors comes last after starting barnyard2. I'll try with the sensors then try again. I think I have another question on this setup, but I'll start a new thread after getting this one fixed up. Thanks again. James On 7/10/11 7:26 AM, "Bamm Visscher" <bamm.visscher () gmail com> wrote:
Hi James, Barnyard shouldn't be configured to connect directly to sguild, instead, it connects to the snort_agent (port 7735 by default). Check your snort_agent.conf and see what you have BY_PORT configured to. So should be barnyard2 -> snort_agent:7735 -> sguild:7736 Bamm On Sun, Jul 10, 2011 at 7:36 AM, James Lay <jlay () slave-tothe-box net> wrote:Hey all, So.been trying to get sguil to flyand here's what I see below: Running in Continuous mode --== Initializing Barnyard2 ==-- Initializing Input Plugins! Initializing Output Plugins! Parsing config file "/opt/etc/snort/barnyard2.conf" Log directory = /var/log/barnyard2 sguil: sensor name = gateway sguil: agent port = 7736 sguil: Connected to localhost on 7736. 2011-07-10 11:31:58 pid(19350) Sensor agent connect from 127.0.0.1:40978 sock15 2011-07-10 11:31:58 pid(19350) Validating sensor access: 127.0.0.1 : 2011-07-10 11:31:58 pid(19350) Valid sensor agent: 127.0.0.1 ERROR: sguil: Expected SidCidResponse and got 'SGUIL-0.8.0 OPENSSL ENABLED ' Fatal Error, Quitting.. 2011-07-10 11:31:58 pid(19350) Sensor Data Rcvd: SidCidRequest gateway 2011-07-10 11:31:58 pid(19350) Ignoring cmd from unregistered agent: SidCidRequest gateway 2011-07-10 11:31:58 pid(19350) Sensor Data Rcvd: 2011-07-10 11:31:58 pid(19350) Ignoring cmd from unregistered agent: 2011-07-10 11:31:58 pid(19350) Socket sock15 closed Scouring the net found me nothing with this. Any hints on what I can do to fix this? Got to admit.sguil is one of the most frustration apps I've tried to get working James ------------------------------------------------------------------------- ----- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation-- sguil - The Analyst Console for NSM http://sguil.sf.net -------------------------------------------------------------------------- ---- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation
------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation
Current thread:
- Sguil 8 and Barnyard2 beta James Lay (Jul 10)
- Re: Sguil 8 and Barnyard2 beta firnsy (Jul 10)
- Re: Sguil 8 and Barnyard2 beta Bamm Visscher (Jul 10)
- Re: Sguil 8 and Barnyard2 beta James Lay (Jul 10)