[Snort-users] Cannot get the sensors table to fill in.
This is a discussion on [Snort-users] Cannot get the sensors table to fill in. within the Snort forums, part of the System Security and Security Related category; This is a multi-part message in MIME format. --===============0293441324== content-class: urn:content-classes:message Content-Type: multipart/alternative; ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-29-2007
|
|||
|
|||
[Snort-users] Cannot get the sensors table to fill in.
This is a multi-part message in MIME format.
--===============0293441324== content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C7BA81.E0A21C9C" This is a multi-part message in MIME format. ------_=_NextPart_001_01C7BA81.E0A21C9C Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I am running Snort 2.6.1.5-1 with mysql 5 and when I startup snort it runs but does not right to the DB. When I last asked this question someone told me that I should have snort logging to unified files and then have barnyard reading the unified files and uploading the data to mysql. So that is what I have. =20 Now I see data in the DB but the sensor table is empty. Shouldn't this table get populated with my different nics? I am running snort on 3 interfaces on this one node. =20 How can I fix this?? Louis =20 ~~ ------------------------------------- Louis Bohm Network Administrator Adnexus Therapeutics 781.209.2324 ------------------------------------- =20 ------_=_NextPart_001_01C7BA81.E0A21C9C Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" = xmlns=3D"http://www.w3.org/TR/REC-html40"> <head> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Dus-ascii"> <meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)"> <o:SmartTagType = namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" name=3D"PersonName"/> <!--[if !mso]> <style> st1\:*{behavior:url(#default#ieooui) } </style> <![endif]--> <style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:Arial; color:windowtext;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in;} div.Section1 {page:Section1;} --> </style> </head> <body lang=3DEN-US link=3Dblue vlink=3Dpurple> <div class=3DSection1> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>I am running Snort 2.6.1.5-1 with mysql 5 and when I = startup snort it runs but does not right to the DB. When I last asked this = question someone told me that I should have snort logging to unified files and = then have barnyard reading the unified files and uploading the data to = mysql. So that is what I have.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Now I see data in the DB but the sensor table is = empty. Shouldn’t this table get populated with my different nics? I = am running snort on 3 interfaces on this one node.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>How can I fix this??<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Louis<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>~~<br> -------------------------------------<br> <st1:PersonName w:st=3D"on">Louis Bohm</st1:PersonName><br> Network Administrator<br> Adnexus Therapeutics<br> 781.209.2324<br> -------------------------------------</span></font><o:p></o:p></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> </div> </body> </html> ------_=_NextPart_001_01C7BA81.E0A21C9C-- --===============0293441324== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ --===============0293441324== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users --===============0293441324==-- 
|
Linear Mode
