
Snort, barnyard2, snort pulledpork, and base IDS system Need Help


atiustira

Well, I learned quite a bit about the Snort Network Intrusion Detection System along the way. The old tweak-it-till-it-breaks-then-fix-it way of learning gives one much experience. What I finally found out was this: the default password for barnyard2 is something like snortdb. I thought, hmm, not a very secure password. So I added a special keyboard char of " - " and that one little dash mark turned out to be the thing that caused it to not work! And it didn't throw any errors to syslog output. I wound up using a longer, very secure password with more special keyboard chars and it threw an error, with the code line number. That's how I found it. So if the offer is still open, I finally debugged that, but I still can't seem to get any info in the Basic Analysis and Security Engine (BASE) front end, and I am not sure how to check the MySQL database to be sure that the data is getting transferred there. Any suggestions please?

Edited by atiustira

Thank you securitybreach

 

root@zina-desktop:/home/zina# mysqlcheck -A -p
Enter password:
archive.acid_ag                                    OK
archive.acid_ag_alert                              OK
archive.acid_event                                 OK
archive.acid_ip_cache                              OK
archive.base_roles                                 OK
archive.base_users                                 OK
archive.data                                       OK
archive.detail                                     OK
archive.encoding                                   OK

 

They all check out ok like this.

Might be that I am not firing an alert.

 

Found a way to check MySQL database content.

 

mysql> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| archive            |
| customer           |
| myapp_development  |
| myapp_test         |
| mysql              |
| performance_schema |
| phpmyadmin         |
| snort              |
+--------------------+
9 rows in set (0.00 sec)
mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| acid_ag          |
| acid_ag_alert    |
| acid_event       |
| acid_ip_cache    |
| base_roles       |
| base_users       |
| data             |
| detail           |
| encoding         |
| event            |
| icmphdr          |
| iphdr            |
| opt              |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
22 rows in set (0.00 sec)
mysql> DESCRIBE acid_ag_alert;
+--------+------------------+------+-----+---------+-------+
| Field  | Type             | Null | Key | Default | Extra |
+--------+------------------+------+-----+---------+-------+
| ag_id  | int(10) unsigned | NO   | PRI | NULL    |       |
| ag_sid | int(10) unsigned | NO   | PRI | NULL    |       |
| ag_cid | int(10) unsigned | NO   | PRI | NULL    |       |
+--------+------------------+------+-----+---------+-------+
3 rows in set (0.00 sec)
mysql> SELECT * FROM acid_ag_alert;
Empty set (0.00 sec)

Edited by atiustira