[Snort-users] More barnyard woes

Chris Green cmg at ...671...
Fri Feb 22 08:25:06 EST 2002

[ please obey Reply-To: snort-users at lists.sourceforge.net ]

<bthaler at ...2720...> writes:

> Barnyard experts:
> When I run:
> barnyard -f snort.log.1014392389
> I get:
> No Files found to read.  Exiting
> Fatal Error, Quitting..
> Exiting

Barnyard doesn't have the clearest usage documentation ( my fault )
nor the most intuitive command line ( haven't seen a good
recommendation ).

Barnyard acts as a daemon in the standard case and the -f is a file
name filter:

barnyard  -c /etc/snort/barnyard.conf \
    -d /var/log/snort -g /etc/snort/gen-msg.map \
    -s /etc/snort/sid-msg.map  -f snort.log

Note the -d pointing to /var/log/snort.

That is the directory where snort logs will be dropped off and scanned.

The -f snort.log is a basename filter.

So it looks for /var/log/snort/snort.log.* where the .* is the
timestamp name of the file.

-o is one shot mode and that's designed for someone testing out or
batch processing something rather than scanning a directory.

> When I run:
> barnyard -o -f snort.log.1014392389
> it seems to work.
> Am I doing something wrong?
> Any help is appreciated.

Chris Green <cmg at ...671...>
This is my signature. There are many like it but this one is mine.
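
The lookup described in the reply above, as an added example that is not part of the original message and not Barnyard's own code: a pre-flight check that lists which files in a spool directory a given -d / -f pair would select. It assumes spool files are named <basename>.<unix-timestamp>; the function names and the second timestamp are constructed for illustration.

```shell
#!/bin/sh
# Model of the spool lookup described in the reply (assumption, not Barnyard source):
# with -d DIR and -f BASE, candidate files are DIR/BASE.<unix-timestamp>.

# spool_matches DIR BASE: print matching files, oldest timestamp first.
spool_matches() {
    dir=$1
    base=$2
    [ -d "$dir" ] || return 0
    for path in "$dir/$base".*; do
        [ -f "$path" ] || continue            # an unmatched glob stays literal
        suffix=${path#"$dir/$base."}          # what follows "BASE."
        case $suffix in
            ''|*[!0-9]*) continue ;;          # keep only all-digit timestamps
        esac
        printf '%s %s\n' "$suffix" "$path"
    done | sort -n | cut -d' ' -f2-
}

# spool_count DIR BASE: how many files the filter would select.
spool_count() {
    spool_matches "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample spool: two unified logs and one unrelated file.
demo() {
    spool=$(mktemp -d) || return 1
    : > "$spool/snort.log.1014392389"
    : > "$spool/snort.log.1014400000"         # constructed timestamp
    : > "$spool/alert"
    echo "-f snort.log            -> $(spool_count "$spool" snort.log) file(s)"
    echo "-f snort.log.1014392389 -> $(spool_count "$spool" snort.log.1014392389) file(s)"
    rm -rf "$spool"
}
demo
```

Under this model a full file name given as -f selects nothing, because the filter is a basename and the timestamp is appended by the lookup.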
