2009-03-26 16:31:36 PDT
Hello;
I have a fresh install of Snort 2.8.3.2 with MySQL, Barnyard, BASE 1.4.1, and Ntop running on CentOS 5.2. I have snort up and running with 2 NICs (eth3 for monitoring and eth1 for sniffing) and have followed the testing procedure posted by Juergen Leising on 2008-6-26, which is listed below:
1. Can snort detect anything? I ran snort -vde -i eth1 -n 50
   Packets received on screen.
2. Is snort.conf syntactically correct? I ran snort -T -cc /etc/snort
   Snort successfully loaded all rules and rule chains.
3. Can snort qualify some of the observed data as alerts?
   I ran snort in IDS mode: snort -vde -i eth1 -L snort.pcap -c /etc/snort.conf -n 100
   Data received on screen.
4. Does snort trigger any alerts at all?
   I looked in /var/log/messages.
   Alerts are posting and barnyard is processing them.
5. Is the database syntactically OK? I ran mysqlcheck --check snort -u snort -p
   All checked OK.
6. Do any packets show up in the mysql database?
   mysql> select * from event where timestamp like '%2009-03-26%';
   The response was 1663 rows in 1 set (data is present).
The BASE web page is up and wants to be active, but it appears not to be reading the data on the sensor; my Sensor/Total is 0/0 and all data is 0. I would like to get this up and running; any assistance would be appreciated.
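Added diagnostic queries for step 6 of the checklist above (not part of the original post): they assume the stock Snort/Barnyard MySQL schema (tables sensor, event, signature) and the database name "snort" from the post, and check whether the 1663 events are actually tied to a sensor record, since a console that lists sensors can show 0/0 while the event table is full.

```sql
-- Added example, not from the original post. Assumes the stock
-- Snort/Barnyard MySQL schema (sensor, event, signature tables)
-- and the database name "snort" used in the post.
USE snort;

-- 1. Does the sensor table have any rows at all? Events alone are
--    not enough: each event row carries a sid that must resolve here.
SELECT sid, hostname, interface, detail, encoding, last_cid
  FROM sensor;

-- 2. Events per sensor id, joined against the sensor table.
--    A NULL hostname means events reference a sid with no sensor row,
--    which a sensor-centric view will not display.
SELECT e.sid,
       s.hostname,
       s.interface,
       COUNT(*)          AS events,
       MIN(e.timestamp)  AS first_seen,
       MAX(e.timestamp)  AS last_seen
  FROM event e
  LEFT JOIN sensor s ON s.sid = e.sid
 GROUP BY e.sid, s.hostname, s.interface;

-- 3. Events that cannot be resolved to a signature name
--    (barnyard normally populates signature as it writes events).
SELECT COUNT(*) AS unresolved_events
  FROM event e
  LEFT JOIN signature sig ON sig.sig_id = e.signature
 WHERE sig.sig_id IS NULL;

-- 4. Confirm the account the web console connects with can see the
--    tables at all: run this while connected as that user, e.g.
--    mysql -u <console_user> -p snort   (placeholder account name).
SHOW TABLES;
```

If query 1 returns no rows or query 2 shows NULL hostnames, the sensor side of the pipeline (Barnyard's sensor registration) is the place to look before touching the console's database settings.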