Snort cannot send alert to database

0

I have a problem with Snort on Ubuntu Server 14.04. I don't know why, but if my server goes down because the electricity goes down, and if I add some table or add privileges on the Snort database (MySQL), Snort cannot save the alert to the database.

I had to do this:

- ./configure (snort & barnyard2)
- autoconf -fvi -I ./m4 (barnyard2)
- sudo apt-get upgrade
- reboot

I hope someone can solve my problem. Thanks.

Wiedy

Posted 2017-07-17T05:04:14.560

Reputation: 1

Did you create the MySQL database and user, and set up the privileges correctly? tcpdump -i lo -s 0 -l -w - dst port 3306 | strings Monitor the output of this, and report. You may have to change the -i to the interface MySQL is listening on. Did you configure barnyard2 with the username, password, database, etc.? – cybernard – 2017-07-17T13:09:52.753

Surely I configured that by following the official documentation (Snort 2.9.9.0). And I installed and configured snort+barnyard more than 3 times. – Wiedy – 2017-07-18T12:54:45.050

This is the result of tcpdump -i lo -s 0 -l -w - dst port 3306 | strings:

sudo tcpdump -i lo -s 0 -l -w - dst port 3306 | strings
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
^C0 packets captured
0 packets received by filter
0 packets dropped by kernel
– Wiedy – 2017-07-18T13:14:13.207

Did you configure barnyard2 with the username, password, database, etc.?

Absolutely yes. – Wiedy – 2017-07-18T13:30:18.417

No answers