Steven Posted January 5, 2017

I have followed the install instructions in the tutorial. The only errors or issues encountered during the process were with PEAR, but I'm not concerned with that at the moment, as that is not critical as far as I'm aware.

Where I have a fundamental problem is that no traffic/alerts are going into BASE, and on closer inspection I found nothing is going into the MySQL database.

SNORT appears to be running OK: it's scanning the traffic and logs are created (alert.ids, portscan.log and snort.log), and all have data. The SNORT configuration check also comes back OK. A test rule has been set up so that port 80 traffic generates an alert.

Where I think the problem lies is with BARNYARD. The configuration test comes back OK, but when it's run it states that it cannot find the waldo file. From looking at some of the forums and other documentation, there should be two log files that are required, merge.log and barnyard.waldo; neither of these appears to exist.

I have gone through the instructions again and checked all of the modifications needed for the various config files. While I found a few typos, there was nothing I could find related to this issue.

Appreciate if you can offer any help.

Attachments: snort.conf, barnyard2.conf, php.ini, base_conf.php, barnyard output.txt

Morpheus Posted January 5, 2017

The merged log file is where Barnyard2 gets the events from and sends to the specified database. The Waldo file is only created after Snort detects and logs the first event to the merged.log.<time stamp> file.

The problem is that Snort has yet to detect any events from the setting specified in the snort.conf. There could be several reasons, but it's ALL related to Snort, which creates the logs.

Try here
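
Added example, not part of either post: a shell check that walks the order of events described in the reply above (Snort writes `merged.log.<time stamp>`, then the waldo file appears) and reports which stage is missing. The log directory path is an assumption; the default file names `merged.log` and `barnyard.waldo` are taken from the thread and may differ in a given snort.conf or barnyard2.conf.

```shell
#!/bin/sh
# Added example: classify the state of a Snort/Barnyard2 log directory.
# Assumed, not from the thread: the directory passed in (e.g. /var/log/snort).

# diagnose_spool DIR [BASE] [WALDO] -> prints one state word
diagnose_spool() {
    dir=$1
    base=${2:-merged.log}        # unified2 base name written by Snort
    waldo=${3:-barnyard.waldo}   # Barnyard2 bookmark file

    if [ ! -d "$dir" ]; then echo NO_DIR; return 0; fi

    found=0
    nonempty=0
    for f in "$dir/$base".*; do
        [ -f "$f" ] || continue          # glob matched nothing
        found=1
        if [ -s "$f" ]; then nonempty=1; fi
    done

    if [ "$found" -eq 0 ]; then
        echo NO_UNIFIED2                 # Snort never opened a merged log
    elif [ "$nonempty" -eq 0 ]; then
        echo EMPTY_UNIFIED2              # file exists, no event logged yet
    elif [ ! -f "$dir/$waldo" ]; then
        echo NO_WALDO                    # events exist, Barnyard2 has no bookmark
    else
        echo OK
    fi
}

# explain STATE -> one-line hint on where to look next
explain() {
    case $1 in
        NO_DIR)         echo "log directory does not exist" ;;
        NO_UNIFIED2)    echo "no merged log: check the 'output unified2' line in snort.conf" ;;
        EMPTY_UNIFIED2) echo "merged log is empty: no rule has fired yet" ;;
        NO_WALDO)       echo "events are logged: check the directory and waldo path Barnyard2 is started with" ;;
        OK)             echo "merged log and waldo present: look at the database output settings" ;;
    esac
}

# Run as: sh check_spool.sh /var/log/snort   (path is an assumption)
if [ $# -gt 0 ]; then
    state=$(diagnose_spool "$@")
    echo "$state: $(explain "$state")"
fi
```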