[Oisf-users] Suricata / Snorby Events errors
Victor Julien
victor at inliniac.net
Tue Jan 3 11:47:33 UTC 2012
Can you check if it is still running? Or restart it to see if that makes
the events flow again?
On 01/03/2012 12:41 PM, Amrith Z wrote:
>
> Hi,
>
> Yes, barnyard2 is also running. But maybe not the way it has to ?
>
> Thx
>
>> Date: Tue, 3 Jan 2012 12:38:58 +0100
>> From: victor at inliniac.net
>> To: oisf-users at openinfosecfoundation.org
>> Subject: Re: [Oisf-users] Suricata / Snorby Events errors
>>
>> On 01/03/2012 12:14 PM, Amrith Z wrote:
>>>
>>> Hi All,
>>>
>>> I'm running Suricata with Snorby. The problem I have has already happened to me several times, and might come from Snorby, and not Suricata. What is happening is that by running Suricata, I do not see any alerts in the Events list of Snorby anymore.
>>> I see an alert in Snorby in the "Worker & Job Queue" section saying "Warning : the sensor cache job is not running". Nothing seems to change when I restart it with the interface. I found the /etc/init.d/worker script, but it doesn't work.
>>>
>>> Any ideas ?
>>
>> I assume you have barnyard2 running as well in this setup. Can you check
>> if it is still running? Or restart it to see if that makes the events
>> flow again?
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list