Will Pearson

SGUIL stopped working. The snort instance appears to be working correctly but Barnyard is stuck in "Activating". I've destroyed and redone the snort instance and no change. SGUIL still doesn't seem to work, either the SGUIL program or web interface. The program cannot connect to the port for SGUIL.

Is there a way to limit the number of Alerts in SGUIL ?

I'm unable to log into SGUIL. What's the username and password? Yes, I've run nstpasswd.

I'm getting this error message in the NST WUI when I trying to get Snorby to run. Snort, Barnyard, and MariaDB start just fine. It appears to be a ruby on rails issue, though I'm not sure. 00032: ● snorby-worker.service - Worker service 00033: Loaded: loaded (/usr/lib/systemd/system/snorby-worker.service; disabled; vendor preset: disabled) 00034: Active: failed (Result: exit-code) since Thu 2018-08-23 12:39:55 EDT; 1s ago 00035: Docs: https://github.com/Snorby/snorby 00036: Process: 20227 ExecStart=/usr/bin/bundle...

I was able to resolve the issue. I wiped and reloaded the system from scratch, didn't do a yum update this time before I set up snort. Problem though, it seems to get borked when I have it download and use rules from Emerging Threats Open or Snort Registered with my oinkcode? With Emerging Threats all of the entries in Snorby start showing up as "Snort Alert" then it's sid, not the actual message. When I have it download rules from Snort it says the rule update is successful, but barnyard2 hangs...

When I try to set up the snort instance, I get this error. 00001: /var/log/wui/setup_snort.sh 2>&1 & 00002: dirname: missing operand 00003: Try 'dirname --help' for more information. 00004: 00005: 00006: ERROR failed to find snort installation directory 00007: Exit Code: 0 00008: Start: 2017-10-13 15:18:15.447 End: 15:18:39.916 Dur: 24.469 Snort appears to be installed, when I run "rpm -q snort barnyard2" I get this error. snort-2.9.9.0-50.nst26.x86_64 barnyard2-2.1.14-337.25nst26.x86_64 Any idea...