[Oisf-users] Suricata / Snorby Events errors

Shirkdog shirkdog at gmail.com
Tue Jan 3 13:28:06 UTC 2012


This should not be a problem in the latest Snorby, but for earlier
versions I made a cronjob check for whether the delayed job was
running and started it. The following was the script I called from the
cronjob every */5 minutes. The ruby script is required to be run in the
Snorby directory (change that to wherever you installed it).

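#!/bin/sh

# Local fixes for Snorby with Apache
#
# Look for a running delayed_job worker. The [d] bracket keeps grep from
# matching its own command line, which would make the test always succeed.
TEST=`ps aux | grep '[d]elayed_job'`

# Quote the variable: ps output contains spaces, and an empty result
# means no worker is running.
if [ -z "$TEST" ]
then
        # delayed_job has to be started from the Snorby directory
        cd /usr/local/www/Snorby || exit 1
        /usr/local/bin/ruby script/delayed_job start
fi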

---
Shirkdog
Free your Mind...
http://www.shirkdog.us



On Tue, Jan 3, 2012 at 6:47 AM, Victor Julien <victor at inliniac.net> wrote:
> Can you check if it is still running? Or restart it to see if that makes
> the events flow again?
>
> On 01/03/2012 12:41 PM, Amrith Z wrote:
>>
>> Hi,
>>
>> Yes, barnyard2 is also running. But maybe not the way it has to ?
>>
>> Thx
>>
>>> Date: Tue, 3 Jan 2012 12:38:58 +0100
>>> From: victor at inliniac.net
>>> To: oisf-users at openinfosecfoundation.org
>>> Subject: Re: [Oisf-users] Suricata / Snorby Events errors
>>>
>>> On 01/03/2012 12:14 PM, Amrith Z wrote:
>>>>
>>>> Hi All,
>>>>
>>>> I'm running Suricata with Snorby. The problem I have has already happened to me several times, and might come from Snorby, and not Suricata. What is happening is that by running Suricata, I do not see any alerts in the Events list of Snorby anymore.
>>>> I see an alert in Snorby in the "Worker & Job Queue" section saying "Warning : the sensor cache job is not running". Nothing seems to change when I restart it with the interface. I found the /etc/init.d/worker script, but it doesn't work.
>>>>
>>>> Any ideas ?
>>>
>>> I assume you have barnyard2 running as well in this setup. Can you check
>>> if it is still running? Or restart it to see if that makes the events
>>> flow again?
>>>
>>> --
>>> ---------------------------------------------
>>> Victor Julien
>>> http://www.inliniac.net/
>>> PGP: http://www.inliniac.net/victorjulien.asc
>>> ---------------------------------------------
>>>
>>> _______________________________________________
>>> Oisf-users mailing list
>>> Oisf-users at openinfosecfoundation.org
>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------


