[Snort-users] More barnyard woes

bthaler at ...2720... bthaler at ...2720...
Fri Feb 22 09:34:02 EST 2002


Thanks, Chris.  That got me sorted out.  Unfortunately, I think barnyard's still way too beta for my needs.

Sincerely,

Brad T.





----- Original Message ----- 
From: "Chris Green" <cmg at ...671...>
To: <snort-users at lists.sourceforge.net>
Sent: Friday, February 22, 2002 11:24 AM
Subject: Re: [Snort-users] More barnyard woes


> [ please obey Reply-To: snort-users at lists.sourceforge.net ]
> 
> <bthaler at ...2720...> writes:
> 
> > Barnyard experts:
> >
> > When I run:
> > barnyard -f snort.log.1014392389
> >
> > I get:
> > No Files found to read.  Exiting
> > Fatal Error, Quitting..
> > Exiting
> 
> Barnyard doesn't have the clearest usage documentation ( my fault )
> nor the most intuitive command line ( haven't seen a good
> recommendation ).
> 
> Barnyard acts as a daemon in the standard case and the -f is a file
> name filter
> 
> 
> barnyard  -c /etc/snort/barnyard.conf \
>     -d /var/log/snort -g /etc/snort/gen-msg.map \
>     -s /etc/snort/sid-msg.map  -f snort.log
> 
> note the -d pointing to /var/log/snort
> 
> that is the directory where snort logs will be dropped off and scanned
> constantly
> 
> the -f snort.log is a basename filter.
> 
> so it looks for /var/log/snort/snort.log.* where the .* is the
> timestamp name of the file.
> 
> -o is one shot mode and that's designed for someone testing out or
> batch processing something rather than scanning a directory
> constantly.
> 
> >
> > When I run:
> > barnyard -o -f snort.log.1014392389
> > it seems to work.
> >
> > Am I doing something wrong?
> >
> > Any help is appreciated.
> >
> >
> 
> 
> -- 
> Chris Green <cmg at ...671...>
> This is my signature. There are many like it but this one is mine.
> 




