Snort mailing list archives

BarnYard2 Waiting for New Data Issue


From: "Matt Brichetto" <m_brichetto () cuinterface com>
Date: Thu, 22 Aug 2013 14:04:53 -0400

Hello,

I am new to Snort. I used WinSnort.com for the setup guides since I
am on a Windows machine.

So I just installed it for the first time following the WinIDS - Windows
XP / 2003 / 7 / 2008 / 2012 - Apache2 - MySQL Guide.

Snort is installed on a Windows 7 SP1 64-bit machine.

The issue I am having is that I see no traffic flowing through the
Barnyard2 window or the Base web interface. The text in the Barnyard2
window gets stuck and says:

Waiting for new data
Closing spool file 'd:\winids\snort\log/merged.log.1377184718'. Read 0 records
Opened spool file 'd:\winids\snort\log/merged.log.1377185664'
Waiting for new data

Now I have seen it flow before when I used the testrules file and then
added that to my snort.conf file. I saw traffic flowing through both
Barnyard2 and Base. I then commented out the test rules path in my
snort.conf file and traffic doesn't show anymore. I also c

I am also using Pulled Pork for auto updating, so I used the Companion
install guide for that. I got my oinkcode, added that to the
Pulledpork.conf file, and I am using the Snort version rules of 2.9.5.0
under the registered users since I am not a subscriber. I am thinking
that Barnyard2 is getting stuck somewhere when it tries to merge logs,
but I don't know if it is related to Pulled Pork or not. So I had
cleared out my logs and re-initiated the download of the rules but still
no traffic.

 

If you need to see my snort.conf or pulled.conf files please let me
know.

Thank you,

Matt




 


