
Snort, barnyard2, snort pulledpork, and base IDS system Need Help



atiustira

Well, I learned quite a bit about the Snort Network Intrusion Detection System along the way. The old tweak-it-till-it-breaks-then-fix-it way of learning gives one much experience. What I finally found out was this. The default password for barnyard2 is something like snortdb. While I thought, hmm, not a very secure password. So I added a special keyboard char of " - " and that one little dash mark turned out to be the thing that caused it to not work! And it didn't throw any errors to syslog output. I wound up using a longer, very secure password with more special keyboard chars and it threw an error, with the code line number. That's how I found it. So if the offer is still open, I finally debugged that, but still I can't seem to get any info in the Basic Analysis and Security Engine (BASE) front end, and I am not sure how to check the MySQL database to be sure that the data is getting transferred there. Any suggestions please?


atiustira

Thank you securitybreach

 

root@zina-desktop:/home/zina# mysqlcheck -A -p
Enter password:
archive.acid_ag                                    OK
archive.acid_ag_alert                              OK
archive.acid_event                                 OK
archive.acid_ip_cache                              OK
archive.base_roles                                 OK
archive.base_users                                 OK
archive.data                                       OK
archive.detail                                     OK
archive.encoding                                   OK

 

They all check out ok like this.

Might be that I am not firing an alert.

 

Found a way to check MySQL database content.

 

mysql> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| archive            |
| customer           |
| myapp_development  |
| myapp_test         |
| mysql              |
| performance_schema |
| phpmyadmin         |
| snort              |
+--------------------+
9 rows in set (0.00 sec)
mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| acid_ag          |
| acid_ag_alert    |
| acid_event       |
| acid_ip_cache    |
| base_roles       |
| base_users       |
| data             |
| detail           |
| encoding         |
| event            |
| icmphdr          |
| iphdr            |
| opt              |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
22 rows in set (0.00 sec)
mysql> DESCRIBE acid_ag_alert;
+--------+------------------+------+-----+---------+-------+
| Field  | Type             | Null | Key | Default | Extra |
+--------+------------------+------+-----+---------+-------+
| ag_id  | int(10) unsigned | NO   | PRI | NULL    |       |
| ag_sid | int(10) unsigned | NO   | PRI | NULL    |       |
| ag_cid | int(10) unsigned | NO   | PRI | NULL    |       |
+--------+------------------+------+-----+---------+-------+
3 rows in set (0.00 sec)
mysql> SELECT * FROM acid_ag_alert;
Empty set (0.00 sec)

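An added example, not part of the original posts: queries that check whether barnyard2 is actually writing alerts into the snort database listed above, and whether BASE has cached them. Column names assume the stock Snort/BASE MySQL schema; acid_ag_alert only holds alerts that were placed into a BASE alert group, so it is normally empty on a fresh install and is not the table to judge by.

```sql
USE snort;

-- 1. Did barnyard2 register a sensor? One row per sensor/interface is
--    created on its first successful database connection.
SELECT sid, hostname, interface, last_cid
FROM sensor;

-- 2. Raw alerts written by barnyard2. Zero rows here means nothing has
--    reached the database yet (no alert fired, or the output plugin
--    is not connecting).
SELECT COUNT(*)       AS raw_events,
       MIN(timestamp) AS first_seen,
       MAX(timestamp) AS last_seen
FROM event;

-- 3. BASE's display cache, which BASE fills from the event table.
--    Rows in event but none here points at BASE, not at barnyard2.
SELECT COUNT(*) AS cached_events
FROM acid_event;

-- 4. The ten most recent alerts with rule name and addresses.
--    LEFT JOIN keeps alerts that carry no IP header row.
SELECT e.sid,
       e.cid,
       e.timestamp,
       s.sig_name,
       INET_NTOA(i.ip_src) AS src,
       INET_NTOA(i.ip_dst) AS dst
FROM event e
JOIN signature s ON s.sig_id = e.signature
LEFT JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
ORDER BY e.timestamp DESC
LIMIT 10;

-- 5. Alerts barnyard2 has stored that BASE has not cached yet.
SELECT COUNT(*) AS not_yet_cached
FROM event e
LEFT JOIN acid_event a ON a.sid = e.sid AND a.cid = e.cid
WHERE a.cid IS NULL;
```

If query 1 returns no rows, the problem is upstream of MySQL (barnyard2 configuration or credentials); if query 2 has rows but query 3 does not, look at the BASE side.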
