Re: [Snort-users] Configuring Barnyard

Tomas Sjöström tomas.t.sjostrom at ...3574...
Mon Sep 24 23:10:04 EDT 2001


Hi!

I have updated snort to the latest cvs release "Version 1.8.1-current (Build
79)", and barnyard Version 0.1.0. Snort is placed under /etc/snort. Command
to start barnyard is:

"barnyard  -c /etc/snort/barnyard.conf -d /var/log/snort -g
/etc/snort/gen-msg.map -s  /etc/snort/sid-msg.map  -f snort.alert"

Taken directly from the USAGE text file. All files referenced above are
placed in the correct folder. Snort starts ok, and writes continually to
snort log directory, with the pattern " snort.alert.*". The files are in
binary format. Now when starting barnyard, the following message is
received:

<<<<<<<<<<<<<<<snippet>>>>>>>>>>>>>>>>>>>>>>>

   --== Initializing Barnyard ==--

Loading Data Processors...
dp_alert loaded
dp_log loaded
Loading Output Processors...
Fast Alert plugin initialized
Log Dump plugin initialized

   --== Initialization Complete ==--

-*> Barnyard! <*-
Version 0.1.0
By Martin Roesch (roesch at ...1935..., www.snort.org)
and Andrew R. Baker (andrewb at ...671...)

Startup OpFast file pointer at 0x0x8096c10
Segmentation fault (core dumped)

<<<<<<<<<<<<<<<snippet>>>>>>>>>>>>>>>>>>>>>>>

Any other suggestions?

Thanks,

Thomas

> -----Original Message-----
> From: cmg at ...671... [mailto:cmg at ...671...]
> Sent: 24 September 2001 17:51
> To: tomas.t.sjostrom at ...3584...
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Configuring Barnyard
>
>
> Tomas Sjöström <tomas.t.sjostrom at ...3574...> writes:
>
> > Hi!
> >
> > I am testing the latest release of snort together w/ barnyard. Snort
> > works fine, but barnyard complains over "no files found to read", and
> > then exits. Anyone have a solution?
>
> Please share your file structure and command line options.  You are
> probably not indicating what directory the files need to be read from
> --
> Chris Green <cmg at ...671...>
> Don't use a big word where a diminutive one will suffice.
>




