[Snort-sigs] Unified output for barnyard

Michael Miller michael.miller at ...1811...
Fri Sep 5 12:07:01 EDT 2003


Snort.conf has the usual default output lines:

 output alert_unified: filename snort.alert, limit 128
 output log_unified: filename snort.log, limit 128

Barnyard.conf is very basic:

processor dp_alert and processor dp_log are enabled.

When running a snortlog through barnyard, I get:


scdlelinux01:/home/ids/logs/scdleids01 # barnyard -o -c
/home/ids/rulesets/current/barnyard.conf -f ./snort.log.*

-*> Barnyard! <*-
Version 0.1.0 (Build 17)
By Andrew R. Baker (andrewb at ...95...)
and Martin Roesch (roesch at ...435..., www.snort.org)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AlertCSV initialized
Parsing Config file: /home/ids/rulesets/current/barnyard.conf
Barnyard Version 0.1.0 (Build 17) started
ERROR => No input plugin found for magic: a1b2c3d4
Fatal Error, Quitting..
Exiting
scdlelinux01:/home/ids/logs/scdleids01 #

=============snip===========

I've seen this error a LOT in Google, and the response has been 'get the
latest version of snort'...well, I did, and I'm still getting the error.
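
The magic value in the error, a1b2c3d4, is the libpcap (tcpdump) file magic, so a first check is which format the snort.log.* files actually have on disk. The script below is an added example, not part of the original post and not Snort or Barnyard code: it reads a file's header and reports the format. The two unified magic values and all function names are assumptions stated from general knowledge of Snort, not taken from the post.

```python
import struct
import sys

# 32-bit magic values. 0xA1B2C3D4 is the value in the Barnyard error above
# and is the libpcap (tcpdump) file magic. The two unified values are the
# ones Snort's unified output plugin writes; they are stated from general
# knowledge of Snort (an assumption here), not taken from the post.
MAGICS = {
    0xA1B2C3D4: "pcap",
    0xDEAD4137: "unified-alert",
    0xDEAD1080: "unified-log",
}

def identify(header):
    """Return (kind, struct byte-order prefix) for the first bytes of a file."""
    if len(header) < 4:
        return ("truncated", None)
    for prefix in ("<", ">"):          # try little-endian, then big-endian
        (magic,) = struct.unpack(prefix + "I", header[:4])
        if magic in MAGICS:
            return (MAGICS[magic], prefix)
    return ("unknown", None)

def describe(header):
    """One-line description; for pcap also decode the 24-byte global header."""
    kind, prefix = identify(header)
    if kind == "pcap" and len(header) >= 24:
        major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
            prefix + "HHiIII", header[4:24])
        return f"pcap v{major}.{minor} snaplen={snaplen} linktype={linktype}"
    if kind == "unknown":
        return "unknown magic " + header[:4].hex()
    return kind

# Constructed sample: a little-endian pcap global header (Ethernet, linktype 1).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)

if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:
        print("sample:", describe(SAMPLE_PCAP))
    for path in paths:
        with open(path, "rb") as fh:
            print(f"{path}: {describe(fh.read(24))}")
```

Run it with the log files as arguments; a file reported as pcap was written in tcpdump binary format, not by the unified output plugin.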





