Snort mailing list archives
snort events not written by barnyard2 to snorby database
From: Herbert Groot Jebbink <herbert () groot jebbink nl>
Date: Sat, 23 Jun 2012 12:16:47 +0200
Hi,

I have set up Snort, Barnyard2 & Snorby on an Ubuntu 12.04 box. All seems ok, however the events generated by Snort are not written to the MySQL database.

---- below the setup in snort.conf

    output alert_unified2: filename alert, limit 128

----- below the barnyard2 config

    config reference_file:      /etc/snort/reference.config
    config classification_file: /etc/snort/classification.config
    config gen_file:            /etc/snort/gen-msg.map
    config sid_file:            /etc/snort/community-sid-msg.map
    config logdir:              /var/log/barnyard2/
    config waldo_file:          /var/log/barnyard2/barnyard2.waldo

    input unified2

    output alert_fast: stdout
    output database: log, mysql, user=snorby password=snorby dbname=snorby host=localhost

---- below the barnyard startup command in /etc/init.d/barnyard2

    barnyard2 -d /var/log/snort -f alert > /var/log/barnyard2/start.log 2>&1

---- below the stdout from above barnyard job

    ---------------------------------------------------
    Running in Continuous mode

            --== Initializing Barnyard2 ==--
    Initializing Input Plugins!
    Initializing Output Plugins!
    Parsing config file "/etc/barnyard2.conf"
    Log directory = /var/log/barnyard2/
    database: compiled support for (mysql)
    database: configured to use mysql
    database: schema version = 107
    database:           host = localhost
    database:           user = snorby
    database:  database name = snorby
    database:    sensor name = gozo:NULL
    database:      sensor id = 1
    database:     sensor cid = 1
    database:  data encoding = hex
    database:   detail level = full
    database:     ignore_bpf = no
    database: using the "log" facility

            --== Initialization Complete ==--

      ______   -*> Barnyard2 <*-
     / ,,_  \  Version 2.1.9 (Build 263)
     |o"  )~|  By the SecurixLive.com Team: http://www.securixlive.com/about.php
     + '''' +  (C) Copyright 2008-2010 SecurixLive.

               Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
               (C) Copyright 1998-2007 Sourcefire Inc., et al.

    Using waldo file '/var/log/barnyard2/barnyard2.waldo':
        spool directory = /var/log/snort
        spool filebase  = alert
        time_stamp      = 1340435023
        record_idx      = 83
    Opened spool file '/var/log/snort/alert.1340435023'
    Waiting for new data
    ===============================================================================
    Record Totals:
       Records:         320
       Events:          320 (100.000%)
       Packets:           0 (0.000%)
    ===============================================================================
    Packet breakdown by protocol (includes rebuilt packets):
          ETH: 0          (0.000%)
      ETHdisc: 0          (0.000%)
         VLAN: 0          (0.000%)
         IPV6: 0          (0.000%)
      IP6 EXT: 0          (0.000%)
      IP6opts: 0          (0.000%)
      IP6disc: 0          (0.000%)
          IP4: 0          (0.000%)
      IP4disc: 0          (0.000%)
        TCP 6: 0          (0.000%)
        UDP 6: 0          (0.000%)
        ICMP6: 0          (0.000%)
      ICMP-IP: 0          (0.000%)
          TCP: 0          (0.000%)
          UDP: 0          (0.000%)
         ICMP: 0          (0.000%)
      TCPdisc: 0          (0.000%)
      UDPdisc: 0          (0.000%)
      ICMPdis: 0          (0.000%)
         FRAG: 0          (0.000%)
       FRAG 6: 0          (0.000%)
          ARP: 0          (0.000%)
        EAPOL: 0          (0.000%)
      ETHLOOP: 0          (0.000%)
          IPX: 0          (0.000%)
        OTHER: 0          (0.000%)
      DISCARD: 0          (0.000%)
    InvChkSum: 0          (0.000%)
       S5 G 1: 0          (0.000%)
       S5 G 2: 0          (0.000%)
        Total: 0
    ===============================================================================

Kind Regards, Herbert

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users
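The "Record Totals" block barnyard2 printed above is a count of unified2 record types in the spool: 320 records, all of them event records, and no packet records. Snort's alert_unified2 output writes event records without packet data, whereas log_unified2 writes packet records and unified2 writes both, so before chasing the database side it is worth confirming what the spool file under /var/log/snort actually contains. The following is an added example, not code from Herbert's post or from the Snort or Barnyard2 projects: a small Python parser for the unified2 framing (an 8-byte big-endian header of record type and length, followed by the body) that reproduces the records/events/packets breakdown and decodes the gid:sid:rev of each IPv4 IDS event. The record type numbers and the 52-byte Unified2IDSEvent layout are from Snort's Unified2_common.h; the sample spools are constructed in the script, and the function names and `diagnose` labels are my own.

```python
"""Count and decode unified2 records in a Snort spool file (added example, not project code)."""
import struct
from collections import Counter

# Record type ids from Snort's Unified2_common.h
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
UNIFIED2_IDS_EVENT_IPV6 = 72
UNIFIED2_IDS_EVENT_VLAN = 104
UNIFIED2_IDS_EVENT_IPV6_VLAN = 105
UNIFIED2_EXTRA_DATA = 110
EVENT_TYPES = {UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_IPV6,
               UNIFIED2_IDS_EVENT_VLAN, UNIFIED2_IDS_EVENT_IPV6_VLAN}

# Unified2IDSEvent (type 7) body: 11 x uint32, 2 x uint16, 4 x uint8 = 52 bytes
IDS_EVENT_FMT = ">IIIIIIIIIIIHHBBBB"
# Serial_Unified2Packet (type 2) fixed part before the packet bytes: 7 x uint32 = 28 bytes
PACKET_HDR_FMT = ">IIIIIII"


def iter_records(data):
    """Yield (record_type, body) for each record; header = 2 big-endian uint32 (type, length)."""
    off = 0
    while off < len(data):
        if off + 8 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        rtype, rlen = struct.unpack_from(">II", data, off)
        off += 8
        if off + rlen > len(data):
            raise ValueError("truncated record body at offset %d" % off)
        yield rtype, data[off:off + rlen]
        off += rlen


def parse_ids_event(body):
    """Decode the fields barnyard2 uses to look up an alert: gid:sid:rev, addresses, ports."""
    (sensor_id, event_id, event_sec, event_usec, sid, gid, rev, class_id, prio,
     src, dst, sport, dport, proto, impact_flag, impact, blocked) = struct.unpack(IDS_EVENT_FMT, body[:52])
    return {"event_id": event_id, "gid": gid, "sid": sid, "rev": rev, "proto": proto,
            "src": src, "dst": dst, "sport": sport, "dport": dport}


def summarize(data):
    """Reproduce barnyard2's 'Record Totals' (records/events/packets) plus a per-type count."""
    by_type = Counter()
    ids_events = []
    for rtype, body in iter_records(data):
        by_type[rtype] += 1
        if rtype == UNIFIED2_IDS_EVENT:
            ids_events.append(parse_ids_event(body))
    return {"records": sum(by_type.values()),
            "events": sum(by_type[t] for t in EVENT_TYPES),
            "packets": by_type[UNIFIED2_PACKET],
            "by_type": dict(by_type),
            "ids_events": ids_events}


def diagnose(summary):
    """Label what kind of Snort output plugin is consistent with the record mix (labels are mine)."""
    if summary["records"] == 0:
        return "empty"                 # nothing written yet, or wrong -d/-f spool location
    if summary["packets"] == 0:
        return "events-only"           # consistent with alert_unified2 (events, no packets)
    if summary["events"] == 0:
        return "packets-only"          # consistent with log_unified2
    return "events+packets"            # consistent with the combined unified2 output


def read_spool(path):
    """Summarize a real spool file such as /var/log/snort/alert.1340435023."""
    with open(path, "rb") as fh:
        return summarize(fh.read())


# --- constructed sample spools (not captured from a real sensor) ---
def make_record(rtype, body):
    return struct.pack(">II", rtype, len(body)) + body


def make_ids_event(event_id, gid, sid, rev, src, dst, sport, dport, proto=6):
    body = struct.pack(IDS_EVENT_FMT, 1, event_id, 1340435023, 0, sid, gid, rev,
                       0, 3, src, dst, sport, dport, proto, 0, 0, 0)
    return make_record(UNIFIED2_IDS_EVENT, body)


def make_packet(event_id, payload):
    hdr = struct.pack(PACKET_HDR_FMT, 1, event_id, 1340435023, 1340435023, 0, 1, len(payload))
    return make_record(UNIFIED2_PACKET, hdr + payload)


# Three IPv4 events, no packet records: the shape of the totals in the post above
EVENTS_ONLY_SPOOL = b"".join(
    make_ids_event(i, 1, 1000000 + i, 1, 0xC0A80001, 0xC0A80002, 40000 + i, 80)
    for i in range(1, 4))
# One event followed by its packet record, as the combined unified2 output would write
MIXED_SPOOL = make_ids_event(1, 1, 2000001, 2, 0x0A000001, 0x0A000002, 53, 53, proto=17) \
    + make_packet(1, b"\x00" * 60)

if __name__ == "__main__":
    for name, spool in (("events-only", EVENTS_ONLY_SPOOL), ("mixed", MIXED_SPOOL)):
        s = summarize(spool)
        print(name, s["records"], s["events"], s["packets"], diagnose(s))
```

Point `read_spool` at the file barnyard2 reported opening to see whether its event/packet split matches the totals it printed; `iter_records` raises on a truncated record, which is also worth knowing about a spool that barnyard2 stopped reading part-way through.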
Current thread:
- snort events not written by barnyard2 to snorby database Herbert Groot Jebbink (Jun 23)
- Re: snort events not written by barnyard2 to snorby database beenph (Jun 23)