
Posted

Hello, I followed the tutorial "Installing an IIS Web Server logging events to a MySQL Database". Everything went well. I have got http://winids. It is static. I see no alerts or TCP, UDP, ICMP. Can you tell me how it works?

I attached a capture page. Help me again.

Capture.PNG

Posted

There could be several reasons why there are no events being displayed.

  • The WinIDS is plugged into a switch and cannot see all the traffic.
  • The HOME_NET is not set correctly
  • There are actually NO events being triggered

If you believe the above are not causing problems, manually add rules to detect specific packets and log them.

Posted

Hello, thank you for your help. I'm just trying this trick but I do not have a good result. I do not see warnings on my page when I execute the start.bat file.
When I stop the process of start.bat by pressing "ctrl + c" I get the result from 0 percent.

Capture.JPG

Posted

It appears there is a networking issue somewhere. I am unsure what the problem could be. If you have set up the test rules and are still not seeing events in the Windows Intrusion Detection Systems (WinIDS) security console then there is a blockage somewhere?

You have a custom install which makes it difficult to troubleshoot. Scripts need to be converted and a LOT of paths need to be changed. It appears the tutorial is working but it is not detecting network traffic.

The test rules will detect all network traffic. If you open the browser and things are happening, that traffic will be logged as an event and sent through to the console.

Posted

Everything in the above terminal window is normal for Barnyard2 starting up. The more Barnyard2 is run the fewer 'Warnings' get displayed, which is normal. It is waiting for events to be logged by Snort. Any events will be displayed in the above window.

Are there any files of size in the snort/log folder?

Attach your snort.conf and your barnyard2.conf.

Posted

Stop snort, stop Barnyard2, delete all the files in the log folder, from the attached .zip replace the configuration files, and reboot.

I'm not sure beyond this. My suggestion if this doesn't work is to start over fresh on everything and follow the tutorial.

Good luck...

files.zip

Posted (edited)

Thank you very much.

I did exactly what you said, but nothing.

And a more recent problem: I also see that Snort does not start in services. When I try to boot, I get the 1067 error message: "the process has unexpectedly stop"

Edited by elkabir
  • 7 months later...
Posted
19 minutes ago, arhamnajmi1995 said:

Do we really need barnyard??? I'm now having the same problem, what exactly do I need to do to get BASE running. Do I have to run any commands for snort??? Then go to BASE on website?

If you follow the guide it works. What is the error you are receiving?

Yes, you need barnyard2 in order to shuttle the events from the snort log to the database.


Posted

Actually there are no errors that we are receiving. Should Barnyard be on the same DRIVE as the other installers and folders?

For example: Can I have Barnyard stay on drive D while others are on drive C?? And I would like to know the exact steps on how to get BASE detecting the TCP or other packets running. Where do I start? I am very lost.

Posted
32 minutes ago, arhamnajmi1995 said:

Actually there are no errors that we are receiving. Should Barnyard be on the same DRIVE as the other installers and folders?

For example: Can I have Barnyard stay on drive D while others are on drive C?? And I would like to know the exact steps on how to get BASE detecting the TCP or other packets running. Where do I start? I am very lost.

You need to follow the guide. The guides have all paths hard coded into them, as do any of the scripts that need to be run. It is very possible to put programs anywhere as long as everything gets linked in the end. Missing one configuration would most likely cause a failure.

If you have completed the tutorial using your custom configuration and have gotten to the end with no errors then it's conceivable that everything is linked correctly.

There are a lot of reasons why there are no events; Snort not running, Barnyard2 not running, misconfigured snort.conf, monitoring the wrong interface, connected to a switch with no mirroring enabled, possibly there are no events being triggered, etc...

Did you try to manually trigger events? There is a topic on that, use the search function.
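The checklist in this reply, and the same one given earlier in the thread (HOME_NET set correctly, Snort writing unified2 output, Barnyard2 reading it and writing to MySQL, files of size in the log folder, a manually added test rule), can be walked by a small script. The following is an added example written for this page, not code from the tutorial or from WinIDS. It assumes Snort 2.x snort.conf syntax (`ipvar`/`var`, `output unified2:`) and barnyard2.conf syntax (`input unified2`, `output database:`); the configuration fragments, the rule and the log path are constructed placeholders.

```python
"""Sanity checks for a WinIDS-style Snort + Barnyard2 + MySQL/BASE chain.

Added example, not part of the thread or the tutorial. Assumes Snort 2.x
snort.conf syntax and barnyard2.conf syntax; all sample content below is
constructed.
"""
import os
import re

# Constructed sample snort.conf fragment (not the thread's attached file).
# HOME_NET 'any' combined with EXTERNAL_NET !$HOME_NET is a classic reason
# for a silent sensor, so the sample deliberately contains that mistake.
SAMPLE_SNORT_CONF = """\
ipvar HOME_NET any
ipvar EXTERNAL_NET !$HOME_NET
output unified2: filename snort.log, limit 128
include $RULE_PATH/local.rules
"""

# Constructed local.rules with one "fire on everything" test rule; sid is hypothetical.
SAMPLE_LOCAL_RULES = """\
# test rule: alert on every ICMP packet so the pipeline can be verified
alert icmp any any -> any any (msg:"WinIDS ICMP test"; sid:1000001; rev:1;)
"""

# Constructed barnyard2.conf fragment; password is a placeholder.
SAMPLE_BARNYARD2_CONF = """\
input unified2
output database: log, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost
"""


def check_snort_conf(text):
    """Return human-readable problems found in a snort.conf body (empty list = ok)."""
    problems = []
    home = re.search(r'^\s*(?:ipvar|var)\s+HOME_NET\s+(\S+)', text, re.M)
    ext = re.search(r'^\s*(?:ipvar|var)\s+EXTERNAL_NET\s+(\S+)', text, re.M)
    if home is None:
        problems.append("HOME_NET is not defined")
    elif home.group(1).lower() == "any" and ext and ext.group(1) == "!$HOME_NET":
        # 'any' cannot be negated, so this pair leaves EXTERNAL_NET-scoped rules useless
        problems.append("HOME_NET is 'any' while EXTERNAL_NET is !$HOME_NET: "
                        "set HOME_NET to your subnet or EXTERNAL_NET to any")
    if not re.search(r'^\s*output\s+unified2\s*:', text, re.M):
        problems.append("no 'output unified2:' line; Barnyard2 has nothing to read")
    if not re.search(r'^\s*include\s+\S*local\.rules', text, re.M):
        problems.append("local.rules is not included; manual test rules will not load")
    return problems


def check_barnyard2_conf(text):
    """Return problems found in a barnyard2.conf body (empty list = ok)."""
    problems = []
    if not re.search(r'^\s*input\s+unified2\b', text, re.M):
        problems.append("no 'input unified2' line")
    if not re.search(r'^\s*output\s+database\s*:.*\bmysql\b', text, re.M):
        problems.append("no MySQL 'output database:' line; events never reach BASE")
    return problems


def count_test_rules(rules_text):
    """Count uncommented 'alert' rules that carry a sid, i.e. rules Snort will load."""
    return len(re.findall(r'^\s*alert\b.*\bsid\s*:\s*\d+', rules_text, re.M))


def nonempty_log_files(log_dir):
    """Names of files in the Snort log folder that actually contain data.

    No such files means Snort is not writing events at all, so the fault is
    upstream of Barnyard2 and the database (interface, HOME_NET, switch port).
    """
    if not os.path.isdir(log_dir):
        return []
    return sorted(name for name in os.listdir(log_dir)
                  if os.path.getsize(os.path.join(log_dir, name)) > 0)


def diagnose(snort_conf, local_rules, barnyard2_conf, log_dir):
    """Walk the checklist in order and return the findings as a dict."""
    return {
        "snort.conf": check_snort_conf(snort_conf),
        "test rules loaded": count_test_rules(local_rules),
        "barnyard2.conf": check_barnyard2_conf(barnyard2_conf),
        "log files with data": nonempty_log_files(log_dir),
    }


if __name__ == "__main__":
    # Hypothetical log path; replace with the folder your snort.conf points at.
    report = diagnose(SAMPLE_SNORT_CONF, SAMPLE_LOCAL_RULES,
                      SAMPLE_BARNYARD2_CONF, r"C:\winids\snort\log")
    for section, result in report.items():
        print(section, "->", result if result else "nothing found")
```

Run it against the real snort.conf, local.rules and barnyard2.conf by reading those files in place of the sample strings. The order of the checks matters: an empty log folder with a clean snort.conf points at the interface or the switch port, while a log folder with data and a broken barnyard2.conf points at the database leg.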
