  1. Hi Morpheus, Just wanted to say a big thank you for your time and effort. Thanks, Gary
  2. Hi, It seems to be working fine now, I am receiving events in barnyard. Can you tell me how I can delete all data that has been collected so far that is stored in the snort sql DB? Want to start with a clean DB so I can monitor new events. Thanks, Gary
  3. So just after I posted the above message I got an event in barnyard, but I'm not sure what it means. See pic
  4. Hi Morpheus, So I reconfigured my mirror port today just to be sure and I think it's working fine. (See screen shot) Lots of received packets. Can you please help me in turning all the rules on and seeing if I get data in barnyard2? Thanks, Gary
  5. Hi, Deleted everything in the log folder. Home_net is set as such:

     # Setup the network addresses you are protecting
     ipvar HOME_NET any
     # Set up the external network addresses. Leave as "any" in most situations
     ipvar EXTERNAL_NET any

     I’m trying to check the config on our Cisco 3750 but I’m sure port mirroring is working ok. Rebooted snort server and it just sits there waiting for new data. *** Seeing as it logs traffic when using the test rule, does that mean it is capturing data fine? So this tells me that one of the other rules is blocking the data capture? black_list.rules, deleted.rules, experimental.rules, local.rules, white_list.rules, winids.rules Thanks, Gary
  6. Hi Morpheus, So I spoke too soon. Yesterday I removed the test.rules and restarted snort and barnyard2; both were running and collecting data. Today I went to check on new events and there were none, so logged onto the server and it's stopped logging. Same issue as before (Waiting for new data). So I am guessing that there is an issue with the rule set I am using. Can you take a look at my rules? Or do you think it might be something else? Thanks, Gary
  7. Hi Morpheus, Manually triggering the events worked, Snort is now collecting data. Thanks for your help
  8. Hi Morpheus, Any update on my issue with not collecting data? Thanks, Gary
  9. Hi All, So my Barnyard2 cmd is just sitting at a waiting for new data prompt and has been like this all weekend, there is no data being passed to winids console either. Seems to me that barnyard is not receiving any traffic. If I run the test commands: d:\winids\snort\bin\snort -v -i1 or i2, both display traffic and (warning: no preprocessors configured for policy 0). If I run d:\winids\activators\by2-test, config file successfully loads. Running 'perl d:\winids\pulledpork\ -c d:\winids\pulledpork\etc\pulledpork.conf -T' completes in about 30 mins, no errors. Running d:\winids\snort\bin\snort -c d:\winids\snort\etc\snort.conf -l d:\winids\snort\log -i1 -T (snort validated the config file successfully). All services are running and started. Does anyone have any ideas what I am missing? Thanks, Gary