Snort mailing list archives
Re: Snort not generating alerts
From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 10 Jul 2012 12:59:22 +0100
On 10/07/2012 12:29, Pratik Narang wrote:
> As an update- running snort with *-A console* *does* generate that Google alert I was talking about.... So my best guess is that there is some problem in communicating with mysql (either with Snort or with Barnyard?)
Have you looked whether the unified2 file, 'snort.u2' in your configuration contains any alerts or data using u2spewfoo?

I do note from your earlier message:

    WARNING: Ignoring corrupt/truncated waldofile '/var/log/snort/barnyard2.waldo'

I have seen a problem with Barnyard where if the waldo file contains rubbish or is corrupted in some way then Barnyard doesn't log new events. It might be worth deleting that and restarting Barnyard.

--
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT
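The check suggested in the message above (does the unified2 file contain any event records?) can also be scripted. This is an added example, not part of the original message and not Snort or Barnyard code; it assumes the standard unified2 layout of an 8-byte big-endian type/length header before each record, and the sample bytes are constructed.

```python
import io
import struct
import sys
from collections import Counter

# Unified2 record type codes as defined in Snort's Unified2_common.h.
EVENT_TYPES = {7: "ids_event", 72: "ids_event_ipv6",
               104: "ids_event_vlan", 105: "ids_event_ipv6_vlan"}
OTHER_TYPES = {2: "packet", 110: "extra_data"}


def summarize_unified2(stream):
    """Walk the 8-byte record headers (type, length; both big-endian).

    Returns (Counter of record names, True if the file ends mid-record).
    """
    counts = Counter()
    while True:
        header = stream.read(8)
        if not header:
            return counts, False          # clean end of file
        if len(header) < 8:
            return counts, True           # partial header
        rtype, length = struct.unpack(">II", header)
        if len(stream.read(length)) < length:
            return counts, True           # partial record body
        name = EVENT_TYPES.get(rtype) or OTHER_TYPES.get(rtype) or f"type_{rtype}"
        counts[name] += 1


def event_count(counts):
    """Number of alert/event records, ignoring packet and extra-data records."""
    return sum(counts[name] for name in EVENT_TYPES.values())


def _record(rtype, body):
    """Build one constructed unified2 record: header followed by body."""
    return struct.pack(">II", rtype, len(body)) + body


# Constructed sample: two events, one packet, then a header cut off mid-write.
SAMPLE = (_record(7, b"\x00" * 52) + _record(2, b"\x00" * 40)
          + _record(104, b"\x00" * 60) + b"\x00\x00\x00\x02\x00")

if __name__ == "__main__":
    # Pass the path to a unified2 file, or run with no argument for the sample.
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(SAMPLE)
    with src:
        counts, truncated = summarize_unified2(src)
    print(dict(counts), "events:", event_count(counts), "truncated:", truncated)
```

A non-zero event count alongside an empty database points at the Barnyard side (such as the waldo file) rather than at Snort's detection.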