Snort mailing list archives
Re: barnyard with snort
From: "Farnsworth, Robert" <robert.farnsworth () hpe com>
Date: Fri, 25 Sep 2015 19:50:35 +0000
Thanks, I'll be looking for it.

From: Davison, Charles Robert [mailto:cdaviso1 () vols utk edu]
Sent: Friday, September 25, 2015 3:31 PM
To: Farnsworth, Robert; snort-users () lists sourceforge net
Cc: Mike Hendrie
Subject: Re: [Snort-users] barnyard with snort

Robert,

I am traveling all day today, but can send you some documents tomorrow. The document covers how to install by2 for Ubuntu 14.04 LTS. I gave Mike a .pdf that covers a complete install. If he can send it today that would work. If not I can send you something tomorrow.

Sent from Outlook <http://aka.ms/Ox5hz3>

_____________________________
From: Farnsworth, Robert <robert.farnsworth () hpe com>
Sent: Friday, September 25, 2015 8:46 AM
Subject: [Snort-users] barnyard with snort
To: <snort-users () lists sourceforge net>

I submitted this before but did not receive an answer or resolution. Any help would be appreciated. Let me know if you need any other information.

I get the following error when starting barnyard2 -

[CacheSynchronize()],INFO: No system was found in cache (from signature map file), will not process or synchronize informations found in the database

Also not getting any alerts in mysql database. Below is the command I run for Barnyard.

[root@usolglwxoh004 snort]# /usr/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo&
[1] 12581
[root@usolglwxoh004 snort]# Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"

+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/barnyard2
INFO database: Defaulting Reconnect/Transaction Error limit to 10
INFO database: Defaulting Reconnect sleep time to 5 second
[CacheSynchronize()],INFO: No system was found in cache (from signature map file), will not process or synchronize informations found in the database
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = snort_user
database:  database name = snortdb
database:    sensor name = localhost:eth2
database:      sensor id = 2
database:     sensor cid = 4
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.13 (Build 327)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy () securixlive com>

Using waldo file '/var/log/snort/barnyard.waldo':
    spool directory = /var/log/snort
    spool filebase  = snort.log
    time_stamp      = 1435349813
    record_idx      = 0
Waiting for new spool file

Thanks
Robert
Current thread:
- barnyard with snort Farnsworth, Robert (Sep 25)
- Re: barnyard with snort Davison, Charles Robert (Sep 25)
- Re: barnyard with snort Farnsworth, Robert (Sep 25)
- Re: barnyard with snort Davison, Charles Robert (Sep 25)