Alerts Not Showing - Snorby/snorby GitHub Wiki
The lifecycle of an alert goes:
snort -> merge.log -> barnyard2 -> database
Alerts are generated when a rule matches network traffic. If you believe your rules are configured correctly, go to www.testmyids.com from a monitored portion of the network. Generally speaking, most rulesets will alert on the traffic that is returned from that website.
If that does not work, then begin troubleshooting:
In snort.conf, there should be a line that tells Snort to log to a local file in unified2 format, such as:

    output unified2: filename snort.log, limit 128

Then barnyard2 needs to know which unified2 file you're using and where it is located:

    /usr/local/bin/barnyard2 -c /etc/barnyard2.conf -d /var/log/snort -f snort.log

Barnyard2 also needs the details of your database, which are specified in barnyard2.conf:

    output database: log, mysql, dbname=snorby user=snort password=test

**Be sure to check that the database name is correct (usually the correct database is 'snorby', but people often accidentally leave it at 'snort').**
If the configuration seems correct, then try www.testmyids.com again.
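
The three checks above can be scripted. The following is an added example, not part of the Snorby wiki or the Snorby/barnyard2 projects: it cross-checks the filename Snort writes, the `-f` argument barnyard2 reads, and the `dbname` barnyard2 inserts into. The config excerpts are constructed samples, and `active_outputs` and `check_pipeline` are hypothetical helper names.

```python
import re
import shlex

# Constructed excerpts for illustration; not taken from a real sensor.
SNORT_CONF = "# snort.conf\noutput unified2: filename snort.log, limit 128\n"
BARNYARD_CONF = ("# barnyard2.conf\n"
                 "#output database: log, mysql, dbname=old user=x password=y\n"
                 "output database: log, mysql, dbname=snort user=snort password=test\n")
BARNYARD_CMD = ("/usr/local/bin/barnyard2 -c /etc/barnyard2.conf "
                "-d /var/log/snort -f snort.log")

OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:\s*(.*)$")

def active_outputs(conf_text):
    """Return (plugin, args) pairs for uncommented 'output' directives."""
    pairs = []
    for line in conf_text.splitlines():
        m = OUTPUT_RE.match(line)  # lines starting with '#' never match
        if m:
            pairs.append((m.group(1), m.group(2).strip()))
    return pairs

def check_pipeline(snort_conf, barnyard_conf, barnyard_cmd, expected_db="snorby"):
    """Return a list of mismatches between the three pieces of configuration."""
    problems = []
    # Base filename(s) Snort writes, from any unified-style output plugin.
    written = [f for plugin, args in active_outputs(snort_conf) if "unified" in plugin
               for f in re.findall(r"filename\s+([^,\s]+)", args)]
    argv = shlex.split(barnyard_cmd)
    read = argv[argv.index("-f") + 1] if "-f" in argv[:-1] else None
    if not written:
        problems.append("snort.conf has no active unified output with a filename")
    elif read not in written:
        problems.append(f"barnyard2 -f {read!r} does not match snort output {written}")
    # Database barnyard2 inserts into; only dbname is reported, never the password.
    db_args = [a for plugin, a in active_outputs(barnyard_conf) if plugin == "database"]
    if not db_args:
        problems.append("barnyard2.conf has no active 'output database' line")
    for args in db_args:
        m = re.search(r"\bdbname=([^\s,]+)", args)
        found = m.group(1) if m else None
        if found != expected_db:
            problems.append(f"dbname is {found!r}, expected {expected_db!r}")
    return problems

if __name__ == "__main__":
    for p in check_pipeline(SNORT_CONF, BARNYARD_CONF, BARNYARD_CMD):
        print("MISMATCH:", p)
```

With the constructed sample, the only mismatch reported is the `dbname=snort` line, which is the mistake the note above warns about.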