[Snort-sigs] how to clear the caches of snort/barnyard?

闫振宇 yanzhenyu at ...3670...
Thu Apr 12 06:22:45 EDT 2012


Hi, all
      I rewrote my snort.conf. I wanted snort to output snort.log, and I started up snort & barnyard, but it seemed that the new configuration file didn't work. The 'spool filebase' option of barnyard was merged.log, not snort.log.

1st.  snort.conf

........
###################################################
# Step #6: Configure output plugins
# For more information, see Snort Manual, Configuring Snort - Output Modules
###################################################
# unified2
# Recommended for most installs
  output unified2: filename snort.log, limit 128
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
# Additional configuration for specific types of installs
# output alert_unified2: filename snort.alert, limit 128, nostamp
# output log_unified2: filename snort.log, limit 128, nostamp 


2nd. Start up snort && barnyard
snort -c /etc/snort/snort.conf -i eth0 
/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo 



But barnyard  
database: using the "log" facility
        --== Initialization Complete ==--
  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.9 (Build 263)
 |o"  )~|  By the SecurixLive.com Team: http://www.securixlive.com/about.php
 + '''' +  (C) Copyright 2008-2010 SecurixLive.
           Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.
Using waldo file '/var/log/snort/barnyard.waldo':
    spool directory = /var/log/snort
    spool filebase  = merged.log
    time_stamp      = 1334199055
    record_idx      = 210
Waiting for new spool file

What's the error? Can anyone help me?

2012-04-12 



  
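闫振宇, Systems Department

Beijing Wowotuan Information Technology Co., Ltd.
______________________________________________________________________________________________________
Add: 1/F, Building 9, Guigu Liangcheng, No. 1 Nongda South Road, Haidian District, Beijing  Postal code: 100080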
Tel:+86-10-59065069 Mob:+86-13261949497
E-mail:yanzhenyu at ...3670... www.55tuan.com