Snort mailing list archives
Re: Snort Install successful - Need a proper database
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 20 Nov 2012 14:31:13 -0500
On 11/20/2012 13:35, k vijay sai prashanth wrote:
> Hey Waldo, I've installed snort and Barnyard2 and mysql. How do I run all of them and get them to work and know if they're linked?

each is a separate process so each is started on its own... you already have snort working, right? if not, then stop and get snort working first...

if snort is working, the next step would be to get the database operational... yes, this seems out of order as snort is one end of the line and the database is the other end but both have to be working before BY2 can enter the fray and move the data from snort to the database...

in getting BY2 working, its operations configuration process tells what it looks for (unified2 log file and file name) from snort and what it needs to access the database (database server address, username, password, table name prefix??)... you should already have followed the directions for creating the necessary database tables for BY2 to use...

if snort is working, check the BY2 log file(s) to see that it is properly reading the snort unified2 log file... also check that it can properly access the database to inject the data...

if this is all working, the next step would be to query the database... just something simple to ensure that you can get the data from those tables that BY2 should be writing to...

if all of that works, then it is all working and you only need some front end to read the data in the database and correlate it for you...

NOTE: i've not actually performed the BY2 steps on any of my systems at this time... i do have numerous snort installs working as well as numerous database installs that work... i only need to see if i can get BY2 into the closed environment we use and that's going to be the hardest part i think...

> Regards,
> Prashanth
>
> On Tue, Nov 20, 2012 at 3:13 AM, waldo kitty <wkitty42 () windstream net> wrote:
>> On 11/19/2012 14:38, k vijay sai prashanth wrote:
>>> Hello Team,
>>>
>>> Please help me on this. I am close to completing my installation of snort. I can
>>> feel it. Also if someone can tell me the relevance of Barnyard2. Everyone seems
>>> to be discussing about this. How does it help me. Does it help me interpret the
>>> logs of snort?
>>
>> as discussed in this thread -> Snortsam patch for 2.9.3.1 <- as a thread drift instigated by me, barnyard2 takes the output from snort and converts it to numerous other output formats so that snort can perform the busy job of sniffing the traffic and not having to worry about getting the output to the destination... snort writes the files that barnyard2 reads... then barnyard2 handles getting the data into databases or feeding it to front ends... barnyard2 can take all the time it needs while snort keeps on snorting and logging without slowing down...
>>
>> snort -> by2_input_files -> by2 -> database
>>
>> as for installing a database and creating the tables, install mysql and barnyard2... in the barnyard2 installation stuff, there will be something to describe and possibly even create the tables you will need... from there, you can then choose what front end you want to use to peruse the data generated...
>>
>> personally, i'm this || close to taking the plunge and seeing what i can break in the closed environment we use over here ;)
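
Added example (not part of the original message, and not Snort or Barnyard2 code): one way to confirm the Snort end of the pipeline described above is to walk the unified2 file's record headers and count the events, a number that can then be compared with a simple row count on the `event` table that the Barnyard2 MySQL schema creates. The function name and the sample bytes are constructed for this example; the record type codes are the ones defined by Snort's unified2 format.

```python
import io
import struct
from collections import Counter

# Record type codes from Snort's unified2 format definitions.
U2_TYPES = {2: "packet", 7: "event", 72: "event_ipv6",
            104: "event_v2", 105: "event_ipv6_v2", 110: "extra_data"}
EVENT_TYPES = {7, 72, 104, 105}

def summarize_unified2(stream):
    """Walk unified2 records; return (counts by type, [(gid, sid, rev)], truncated)."""
    counts, sigs, truncated = Counter(), [], False
    while True:
        header = stream.read(8)
        if not header:
            break                      # clean end of file
        if len(header) < 8:
            truncated = True           # partial header: Snort is mid-write
            break
        rtype, length = struct.unpack(">II", header)   # both big-endian
        body = stream.read(length)
        if len(body) < length:
            truncated = True           # partial body: same situation
            break
        counts[U2_TYPES.get(rtype, f"unknown_{rtype}")] += 1
        if rtype in EVENT_TYPES and length >= 28:
            # Every event variant starts with the same nine 32-bit fields;
            # signature_id, generator_id, signature_revision sit at offset 16.
            sid, gid, rev = struct.unpack_from(">III", body, 16)
            sigs.append((gid, sid, rev))
    return counts, sigs, truncated

def _record(rtype, body):
    return struct.pack(">II", rtype, len(body)) + body

def _event(event_id, gid, sid, rev):
    # 52-byte legacy IPv4 event (type 7) with constructed values.
    return _record(7, struct.pack(">11IHH4B", 1, event_id, 1353439873, 0,
                                  sid, gid, rev, 0, 3, 0x0A000001, 0x0A000002,
                                  40000, 80, 6, 0, 0, 0))

# Constructed sample: two events, one packet record (filler body), and a
# dangling 4-byte fragment as left behind when Snort is mid-write.
SAMPLE = (_event(1, 1, 1000001, 1) + _record(2, b"\x00" * 32) +
          _event(2, 1, 1000002, 3) + b"\x00\x00\x00\x07")

if __name__ == "__main__":
    counts, sigs, truncated = summarize_unified2(io.BytesIO(SAMPLE))
    print(dict(counts), sigs, "truncated" if truncated else "complete")
```

Against a real sensor, pass the unified2 file opened in binary mode; its location and base name are whatever your snort.conf output line specifies. A truncated result on the newest file is normal while Snort is still writing to it.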