Snort mailing list archives

Re: barnyard help


From: "Maxwell, Jamison [HDS]" <JMaxwell () PBP1 COM>
Date: Mon, 1 Jul 2013 08:41:28 -0400

I'm also having the same problem with the latest version of snort and barnyard. I turned on MySQL logging and I was
able to see a great deal of activity; however, barnyard would only insert into the reference table, but not any of the
others. Based on my observation of my current production system (I'm doing an upgrade), this is normal behavior if
barnyard has a big log to work through, but at the end of processing it will insert into the other tables, creating the
alert we see in whatever front-end we choose (Snorby all the way!). However, there is no activity on any other table.
This was true with both continuous processing and with batch processing.




Jamison Maxwell
Sr. Systems Administrator
HD Supply - Facilities Maintenance

From: Doug Metz [mailto:dwmetz () gmail com]
Sent: Thursday, June 20, 2013 4:47 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] barnyard help

I've recently gotten a few of our snort sensors upgraded (re-installed) to v 2.9.4.

Snort itself tests fine

./snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf

Barnyard tests fine

barnyard2 -c /etc/barnyard2.conf -d /var/log/snort -f merged.log -T


I see the file sizes for alert and snort.x logs incrementing.

Problem is that I don't see any events passing to the snort database.


Your assistance in troubleshooting is greatly appreciated.
