Everything appears to be working back end, but, none of the events in Snorby get classified. Data gets picked up by snort, put in the u2 file and then goes in the the database. When I run the cache jobs it shows up in the snorby UI, but, all as unclassified. It looks like it picks up the severities, but, not the detail.
The classification files are present and configured. Does this sound like anything familiar? I could throw conf files and logs at you.
Everything appears to be working back end, but, none of the events in Snorby get classified. Data gets picked up by snort, put in the u2 file and then goes in the the database. When I run the cache jobs it shows up in the snorby UI, but, all as unclassified. It looks like it picks up the severities, but, not the detail.
The classification files are present and configured. Does this sound like anything familiar? I could throw conf files and logs at you.