Snort Report 1.3.1 - No Data


John Mattia

Sep 29, 2010, 3:42:57 PM
to snortreport-users
I have successfully configured Snort 2.6.8.1 following the
instructions in your Ubuntu 10.04 installation guide.

Snort is working great, and I can see alerts coming through when I run
Snort through the console.

However, Snort Report consistently shows absolutely no data. Nothing.

Any ideas?

Regards,
John

John Mattia

Sep 29, 2010, 4:21:40 PM
to snortreport-users
Now I've tried Snort Report 2.0 beta, and that gives errors on all of
the graph image locations, and still shows no data in the different
tabs.

John

David Gullett

Sep 30, 2010, 12:16:00 PM
to snortrep...@googlegroups.com
I'll do a setup from scratch in the next couple of days.  It may be that some Ubuntu updates have broken the code since the initial LTS release.

Thanks,

David

David Gullett

Sep 30, 2010, 12:20:10 PM
to snortrep...@googlegroups.com
Also, what I would try with SR 1 would be to check the MySQL authentication and database name in the SR configuration file.


Beverly

Oct 25, 2010, 5:53:57 PM
to snortreport-users
Were you able to resolve this issue? I have followed the document
from David Gullett on setting up Snort 2.9.0 and Snort Report 1.3.1 on
Ubuntu 10.04, but I am having the same No Data issue. I see that
snort is working through the console, but it is just not logging.

Thoughts?

Thanks,
Beverly

Jun Wan

Oct 25, 2010, 8:05:19 PM
to snortrep...@googlegroups.com
Hi Beverly,

Please try the following (from David Gullett; it works for me):

sudo /usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth0
sudo /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo

John

David Gullett

Oct 25, 2010, 9:04:01 PM
to snortreport-users
Yes, as long as Snort is capturing data, it's probably an issue with
Barnyard not importing it into MySQL. You can manually look at the
Snort database in MySQL with MySQL's command line utility to see if
any data exists.


Beverly

Oct 26, 2010, 2:06:12 PM
to snortreport-users
Thanks Jun and David.

I tried Jun's suggestions, and they did not make a difference. My
database is blank, but I do see the snort log files incrementing in
size. I know that it is probably just some small setting that I am
missing to get barnyard to work right.

John Kennedy

Oct 26, 2010, 7:22:00 PM
to snortrep...@googlegroups.com, bsh...@gmail.com
Beverly,

Are the snort database and snortd process running on the same box?
   If yes:
           Check the log to make sure Barnyard2 started successfully. Is it running?
           Does the DB user have appropriate permissions to connect from localhost?
                   Check the database logs for failed logins.

   If no:
           Make sure barnyard2 is running with the appropriate command line flags set.
           Does the DB user have appropriate permissions to connect to the database from the sensor?
           For example, if you had a DB user called snort created in MySQL, the DB user [snort] should be able to connect to the snort database from any IP or from a single IP.
           Check DB logs for failed logins.

90% of the time, if there are unified2 files and barnyard2 is running and there is no data in the database, it is because the DB user does not have permissions to connect and insert the data into the database.

Good luck

John Kennedy

John Kennedy

Oct 26, 2010, 7:34:41 PM
to snortrep...@googlegroups.com, bsh...@gmail.com
I am assuming here that there is no data in the database at all... 
If there is data in the database, but you don't see anything in Snort Report, make sure that the DB User you entered in the Snort Report Config file has permissions to connect to the snort database.


John

Hanis Roslan

Oct 30, 2012, 5:42:14 AM
to snortrep...@googlegroups.com
Hi David Gullett,

May I know what the command sudo /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo does?

Do we need to leave it running all the time if we want to view Snort Report in the browser?

Regards,
H Ros