Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: beenph (beenphgmail.com)
Date: Fri May 03 2013 - 17:51:01 CDT
On Fri, May 3, 2013 at 9:31 AM, Lars <technicalfriendyahoo.com> wrote:
> So just as a quick update Snort started populating data into merged.log last
> night so it seems the new -k none option approach helped.
> Another step that
> seemed to affect it but I am not sure was restarting barnyard2 with Snort
> off then starting Snort again with the -k switch and once I fired off
> another scan I saw merged.log get recreated and it grew! Once that happened
> the rest of our stack of tools worked and Snorby began populating moderate
> risk events and logging events to the tables it has.
Barnyard2 can be run independantly of snort. So it has no impact at
all down the road.
The only dependancy is that if you want events to be logged, you will
need to have snort to run
and generate unified2 events.
> Start up process question: As a result of all the above our question is
> then how important is the order of startup process for these pieces? That
> is does Barnyard2 always have to be started first? MySQL? I think we are
> good on getting MySQL and the Apache/Snorby pieces up in the right order,
> but maybe we were missing something with Snort and Barnyard/others?
> (Logging was not happening at all but now some is yes!)
If you use output database with barnyard2 then you have to make sure
that your database
is running before starting barnyard2 else it will try to connect N
times and then
report that i couldn't connect to the database and the process will stop.
(if restarted and the database server is up then it will connect
without an issue)
But beside that if you do not use output database or other barnyard2
output plugin that have some
dependancies there is no other requirement for barnyard2.
Hope this answer some of your questions,
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
Snort-users mailing list
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
Please visit http://blog.snort.org to stay current on all the latest Snort news!