When I try to set up the snort instance, I get this error.
/var/log/wui/setup_snort.sh 2>&1 &
dirname: missing operand
Try 'dirname --help' for more information.

ERROR failed to find snort installation directory
Exit Code: 0
Start: 2017-10-13 15:18:15.447 End: 15:18:39.916 Dur: 24.469
Snort appears to be installed. When I run "rpm -q snort barnyard2" I get this error.
snort-2.9.9.0-50.nst26.x86_64
barnyard2-2.1.14-337.25nst26.x86_64
Any idea what's happening?
I was able to resolve the issue. I wiped and reloaded the system from scratch, and didn't do a yum update this time before I set up snort. Problem though, it seems to get borked when I have it download and use rules from Emerging Threats Open or Snort Registered with my oinkcode? With Emerging Threats all of the entries in Snorby start showing up as "Snort Alert" then its sid, not the actual message. When I have it download rules from Snort it says the rule update is successful, but barnyard2 hangs upon reinitialization. Seems like it's got a problem importing rules into it.
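When Snorby shows "Snort Alert" followed by the sid instead of the rule's message text, one cause worth ruling out is that barnyard2's sid-msg.map was not regenerated after the rule download, so the sid has no message to map to. The script below is an added example (not code from this thread or from NST; the rules path in the usage comment and the sample rules are assumptions) that rebuilds a v1-layout sid-msg.map ("sid || msg || type,id ...") from Snort rule files, skipping rules that have been commented out with "#".

```python
"""Regenerate a barnyard2 sid-msg.map from Snort rule files (added example, not NST code)."""
import re
import sys

# Constructed sample rules for this example; the 9,000,000-range sids are not real signatures.
SAMPLE_RULES = r'''
# A disabled rule (leading '#') must not appear in the map.
#alert tcp any any -> any 80 (msg:"EXAMPLE POLICY Disabled rule"; sid:9000003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE SCAN Repeated SSH connects"; \
    flags:S; reference:url,example.invalid/ssh-scan; classtype:attempted-recon; sid:9000002; rev:3;)
alert ip any any -> any any (msg:"EXAMPLE ATTACK_RESPONSE id check returned root"; content:"uid=0|28|root|29|"; reference:bugtraq,1234; reference:url,example.invalid/root; classtype:bad-unknown; sid:9000001; rev:7;)
'''

_MSG = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"')   # msg text, allowing escaped quotes
_SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
_REF = re.compile(r'reference\s*:\s*([^;]+);')

def parse_rules(text):
    """Yield (sid, msg, [refs]) for each enabled rule; comments and '#'-disabled rules are skipped."""
    text = text.replace('\\\n', ' ')              # join backslash-continued rule lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        sid, msg = _SID.search(line), _MSG.search(line)
        if not sid or not msg:
            continue                              # not a complete rule (e.g. a variable definition)
        refs = [r.replace(' ', '') for r in _REF.findall(line)]
        yield int(sid.group(1)), msg.group(1), refs

def build_sid_msg_map(text):
    """Return sid-msg.map contents in the v1 layout 'sid || msg || type,id ...', sorted by sid."""
    rows = sorted(parse_rules(text))
    return ''.join(' || '.join([str(sid), msg] + refs) + '\n' for sid, msg, refs in rows)

if __name__ == '__main__':
    # Assumed usage: python sidmap.py /etc/snort/rules/*.rules > sid-msg.map, then restart barnyard2
    sources = [open(p).read() for p in sys.argv[1:]] or [SAMPLE_RULES]
    sys.stdout.write(build_sid_msg_map('\n'.join(sources)))
```

Point barnyard2's sid-msg.map setting at the generated file; after a rule update, every sid that still shows as "Snort Alert" in Snorby is one that is missing from the map.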
Will:
Tips:
1) NST supports starting snort (also barnyard2 / mariadb / snorby) via the NST WUI only.
2) It can take upwards of 2 - 5 minutes until snort / barnyard2 / mariadb settles (Response to barnyard2 hanging above...)
3) Rule sets may need to be altered for your environment. Some rules may need to be enabled / disabled for proper snort operation.
---RWH
Last edit: Ronald W. Henderson 2017-10-14
Hi, you can delete the snort dir in /var/nst
It works for me
The NST WUI snort page is designed to manage snort on NST. If you remove the "/var/nst/snort" dir then the NST WUI snort page may not function properly. If you want to manage snort manually without the NST WUI, then it is up to you if you would like to remove this directory.
---RWH