[Snort-users] Troubleshooting barnyard

Jason Lewis jlewis at ...2449...
Mon Oct 15 19:44:40 EDT 2001


I realize it is beta, but I have high hopes for it.  I see barnyard running
through my existing spool files and it seems to be doing something.  Nothing
makes it into the DB though.  Barnyard seems to connect to the DB correctly;
I changed the user and it gave me an error.

Is there an order to starting snort and barnyard?  Does one need to start
first?

Can I only run one instance of barnyard?  Can the snort.alert and snort.log
be the same file?

I couldn't find a whole lot to help me out; maybe I am overlooking
something.

Here is the output from the dry run (-R).

   --== Initializing Barnyard ==--

-*> Barnyard! <*-
Version 0.1.0-beta4 (Build 5)
By Martin Roesch (roesch at ...1935..., www.snort.org)
and Andrew R. Baker (andrewb at ...671...)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
Parsing Config file: /etc/snort/barnyard.conf
Args: mysql, sensor_id prozac, database snort, server 10.10.0.17, user
snort, password snort
Args: mysql, sensor_id prozac, database snort, server 10.10.0.17, user
snort, password snort, detail full
Archive Directory is NULL
Config File =/etc/snort/barnyard.conf
Log Dir=/var/log/snort
Spool Dir=/var/log/snort
Spool File=snort.log
Waldo File is NULL
Sid File=/etc/snort/sid-msg.map
Gen File=/etc/snort/gen-msg.map
Record Number: 0
Log Flag: 0
File Arg Start: 0
Dry Run mode enabled
commandline:barnyard -R -c /etc/snort/barnyard.conf -d /var/log/snort -g
/etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -f snort.log

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.







