Snort mailing list archives

Re: trying this again (UNCLASSIFIED)


From: Jeremy Hoel <jthoel () gmail com>
Date: Thu, 13 Dec 2012 17:48:25 +0000

Running Snort/BY2 on CentOS/RH isn't any harder than any other
distro. I run 50 sensors on Cent 6.3.

The ESX part does make things different in the sniffing/packet capture
part, but that's a different conversation.

As always, take the troubleshooting one step at a time: snort, then
output, then barnyard2, then mysql checks, then the console.

If you want help, we'll work through each of the problems, but we'll
need more information about the problems and errors.



On Wed, Dec 12, 2012 at 3:27 PM, Cass, Mark A CTR (US)
<mark.a.cass2.ctr () mail mil> wrote:
Classification: UNCLASSIFIED
Caveats: NONE

Hello,



I’ve tried e-mailing the list before with not one response, but here it goes
again:



I’m trying to implement a snort IDS with add-ons in a RHEL 6.3 x86 VMWare
server.  I need to get snort, mysql, barnyard2, snorby, and pulled pork all
working together.  The problem is that guides are either made for just
snort/mysql install, or for a different OS like Ubuntu, or for an old
version of snort, or for other 3rd party software, or are telling you some
sort of db configuration schema script to run that doesn’t exist where it
says it should (later finding out it came with barnyard2 instead of the
snort package) so I’ve no help from any of the so-called “setup” or
“configuration” guides.  I’ve got snort, mysql, barnyard2 and pulled pork
installed at the moment, but nothing is working together.  Pulled pork has
errors, but I believe the last I left it, was downloading rules, snort
doesn’t output to barnyard2 or barnyard2 isn’t writing to the mysql
database, I have no idea.  I’ve never set up an IDS before, never messed
with the CPAN or perl stuff, and honestly was expecting some rpm files to
install and an hour or so on some of the configuration scripts.  I’m pulling
my hair out over this right now, as my work time to implement this doesn’t
allow the hours and hours and hours I apparently would need to spend
scouring the internet’s furthest reaches for correct and proper information
pertaining to the operating system used and all add-ons, however, believe
me, I’ve spent countless hours already trying to do just that.  I’ve kind of
given up just a bit in the last couple of weeks because I can’t find any
good useful information on this particular setup.



Has anyone ever set this up on a RHEL 6 installation with the additional
utilities I’ve listed, and can help me?



Thank you,



Mark A. Cass

Security+ CE, RHCSA, MCTS

Systems Administrator/Network Manager (SANM)

CGI Federal Contractor



700 McNair Ave.

Suite 107 (Knox Hall)

Fort Sill, Oklahoma 73503

Ph.   580.442.0098

Fax   580.248.2188

mark.a.cass2.ctr () mail mil




Classification: UNCLASSIFIED
Caveats: NONE


------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!
