Problem with Barnyard2
-
Have you also installed the Snort package into the VM? That directory path of /etc/snort/barnyard2.conf" is not correct for a properly configured Snort installation. On pfSense, Barnyard2 is really a support package for Snort; so Snort must also be installed and configured. In fact, Snort installs Barnyard2 during its own installation.
Bill
-
Sorry for not giving details, but I'm doing a job monograph on intrusion detection, is a work of completion, only that I will simulate an attack on the virtual machine operating system is installed ubuntu 12.04 snort already installed, I'm having problems when I boot the barnyard2, I've looked at other forums the answer to the problem but it seems that does not have an exact answer, I find only parts of the discussion of the problem.
-
Sorry for not giving details, but I'm doing a job monograph on intrusion detection, is a work of completion, only that I will simulate an attack on the virtual machine operating system is installed ubuntu 12.04 snort already installed, I'm having problems when I boot the barnyard2, I've looked at other forums the answer to the problem but it seems that does not have an exact answer, I find only parts of the discussion of the problem.
Your response is a little difficult for me to follow due to the translation, but it sounds like you are trying to run Snort on Ubuntu 12.04 along with Barnyard2. If that is true, then that has nothing to do with Snort on pfSense. Am I misunderstanding your post?
Bill
-
Sorry for not giving details, but I'm doing a job monograph on intrusion detection, is a work of completion, only that I will simulate an attack on the virtual machine operating system is installed ubuntu 12.04 snort already installed, I'm having problems when I boot the barnyard2, I've looked at other forums the answer to the problem but it seems that does not have an exact answer, I find only parts of the discussion of the problem.
Your response is a little difficult for me to follow due to the translation, but it sounds like you are trying to run Snort on Ubuntu 12.04 along with Barnyard2. If that is true, then that has nothing to do with Snort on pfSense. Am I misunderstanding your post?
Bill
Yes, I am trying to run the barnyard2 with Snort in ubuntu 12.04 you do not misunderstand my post, to make my project I need to use the barnyard2 with snort .. I'm still looking for an answer to this problem in barnyard2
-
You can close the topic could solve the problem … the path of mysql was not directed corretamento was right. / Configure - with-mysql-libraries = / usr/lib/i386-linux-gnu / .. I appreciate the responses and thank you for your attention ..
-
I solved this problem but appeared other problem with waldo file
I run command:
carlos@carlos-VirtualBox:~$ barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/barnyard2/barnyard2.waldo
Running in Continuous mode–== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"
Log directory = /var/log/barnyard2
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database: host = localhost
database: user = root
database: database name = snort
database: sensor name = snort:eth0
database: sensor id = 3
database: sensor cid = 1
database: data encoding = hex
database: detail level = full
database: ignore_bpf = no
database: using the "log" facility--== Initialization Complete ==--
______ -> Barnyard2 <-
/ ,,_ \ Version 2.1.9 (Build 263)
|o" )~| By the SecurixLive.com Team: http://www.securixlive.com/about.php- '''' + (C) Copyright 2008-2010 SecurixLive.
Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2007 Sourcefire Inc., et al.WARNING: Ignoring corrupt/truncated waldofile '/var/log/barnyard2/barnyard2.waldo'
Waiting for new spool filesnort conf >>> http://pastebin.ca/2469866
barnyard2.conf>>> http://pastebin.ca/2469868
-
The waldo file message is basically harmless. Barnyard2 will complain about that file, but still work from my experience.
Bill
-
seems like I solved the problem he is using the file waldo, he just is waiting for new data 'waiting for new data', is that really how it works?
root@carlos-VirtualBox:~# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo
Running in Continuous mode–== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"
Log directory = /var/log/barnyard2
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database: host = localhost
database: user = root
database: database name = snort
database: sensor name = snort:eth0
database: sensor id = 3
database: sensor cid = 11
database: data encoding = hex
database: detail level = full
database: ignore_bpf = no
database: using the "log" facility--== Initialization Complete ==--
______ -> Barnyard2 <-
/ ,,_ \ Version 2.1.9 (Build 263)
|o" )~| By the SecurixLive.com Team: http://www.securixlive.com/about.php- '''' + (C) Copyright 2008-2010 SecurixLive.
Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2007 Sourcefire Inc., et al.Using waldo file '/var/log/snort/barnyard2.waldo':
spool directory = /var/log/snort
spool filebase = snort.u2
time_stamp = 1382474203
record_idx = 20
Opened spool file '/var/log/snort/snort.u2.1382474203'
Closing spool file '/var/log/snort/snort.u2.1382474203'. Read 20 records
Opened spool file '/var/log/snort/snort.u2.1382479354'
Waiting for new data -
seems like I solved the problem he is using the file waldo, he just is waiting for new data 'waiting for new data', is that really how it works?
Yep, just waiting for something to come in so he can log it to the database.
Bill
-
thanks for the replies, served much help
