[Snort-users] Duplicate classification, barnyard HUP

Michael Scheidell scheidell at ...5171...
Fri Oct 11 05:12:03 EDT 2002


I know that barnyard rc4 is due out soon, and great work by the way!

One more thing that I have been meaning to document, I just updated
sid-msg.map and HUPed barnyard, and syslog shows a lot of lines like this:

Oct 11 08:04:51 [internal] barnyard: WARNING
/etc/snort/classification.config(132): Duplicate classification
"default-login-attempt"found, ignoring this line
Oct 11 08:04:51 [internal] barnyard: Barnyard Version 0.1.0-rc3 (Build 11)
started

It seems that on a HUP, the classification files are opened twice.

It may be due to the directly specified -g and -s options on command line
during startup?

Anyone HUP barnyard and look at syslog output?

/usr/local/bin/barnyard -c /etc/snort/barnyard.conf \
 -d /var/log/snort -t /var/log/snort -f log -L /var/log/snort \
-w /var/log/snort/waldo.log -a /var/log/snort/tmp \
-g /etc/snort/rules/gen-msg.map -s /etc/snort/rules/sid-msg.map
-- 
Michael Scheidell
SECNAP Network Security
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/
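
An added diagnostic example, not part of the original post or of barnyard: it checks whether a classification.config file itself defines a shortname more than once, which separates a genuinely duplicated entry from the file being read twice on HUP as suspected in the message above. The `config classification: shortname,description,priority` line format is assumed, the function names are hypothetical, and the sample text is constructed.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in the assumed classification.config format;
# it is not the poster's file.
SAMPLE = """\
# constructed sample
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: default-login-attempt,Attempt to login by a default username and password,2
# config classification: default-login-attempt,commented out,2
config classification: default-login-attempt,Second definition,2
"""

# Only active (uncommented) definitions match; group 1 is the shortname.
LINE_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),")


def find_duplicates(text):
    """Return {shortname: [line numbers]} for shortnames defined more than once."""
    seen = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = LINE_RE.match(line)
        if match:
            seen[match.group(1).strip()].append(lineno)
    return {name: lines for name, lines in seen.items() if len(lines) > 1}


def diagnose(text):
    """Summarise whether a 'Duplicate classification' warning is explained by the file."""
    dups = find_duplicates(text)
    if not dups:
        # A clean file plus the warning points at the file being loaded twice.
        return "no duplicates in file: warning suggests the file was read twice"
    parts = [f"{name} at lines {lines}" for name, lines in sorted(dups.items())]
    return "duplicates in file: " + "; ".join(parts)


if __name__ == "__main__":
    # Pass the path to classification.config, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(diagnose(fh.read()))
    else:
        print(diagnose(SAMPLE))
```
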
