[Snort-users] Help with barnyard

Chris Eidem jceidem at ...2191...
Thu Oct 18 09:16:22 EDT 2001


Fellow snorters,

I'm trying to get barnyard to do _something_.  If I start snort thusly:
(pwd=/usr/local/snort)
snort -c ./snortuo.conf -i xl1

I get [snipped ouput]: 
UnifiedAlertFilename = snort.alert
Opening /var/log/snort/1018 at ...3861...
923 Snort rules read...
923 Option Chains linked into 921 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.1-RELEASE (Build 74)
By Martin Roesch (roesch at ...1935..., www.snort.org)

and then run barnyard (again from /usr/local/snort)
barnyard -c ./barnyard.conf -s ./sid-msg.map -g ./gen-msg.map -d
/var/log/snort -f snort.alert

I get:

   --== Initializing Barnyard ==--

-*> Barnyard! <*-
Version 0.1.0-beta4 (Build 5)
By Martin Roesch (roesch at ...1935..., www.snort.org)
and Andrew R. Baker (andrewb at ...671...)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
Parsing Config file: ./barnyard.conf

   --== Initialization Complete ==--

No Files found to read.  Exiting
Fatal Error, Quitting..
Exiting


No files found?  Even if I add the time stamp to the command above I get
the same thing.  This has got to be a stupid thing I'm missing when
trying to run this.  I mean I personally have stupid to spare, but what
detail have I skipped?

<pertinent info>
OpenBSD 2.8-stable

[snippage from snortuo.conf]

# unified: Snort unified binary format alerting and logging
# -------------------------------------------------------------
.
.
.
#
output alert_unified: snort.alert
output log_unified: snort.log

include /usr/local/snort/exploit.rules
include /usr/local/snort/scan.rules
.
.
.
include /usr/local/snort/local.rules

</pertinent info>


Chris Eidem                        Dexma, Inc.
Network Administrator              7701 York Av. S.
Phone: 952.229.1311                Edina, MN 55435




More information about the Snort-users mailing list