[Snort-users] Duplicate classification, barnyard HUP
scheidell at ...5171...
Fri Oct 11 05:12:03 EDT 2002
I know that barnyard rc4 is due out soon, and great work by the way!
One more thing thast I have been meaning to document, I just updated
sid-msg.map and HUPed baryard, and syslog shows a lot of lines like this:
Oct 11 08:04:51 [internal] barnyard: WARNING
/etc/snort/classification.config(132): Duplicate classification
"default-login-attempt"found, ignoring this line
Oct 11 08:04:51 [internal] barnyard: Barnyard Version 0.1.0-rc3 (Build 11)
It seems that on a HUP, the classification fils are opened twice.
It may be due to the directly spefified -g and -s options on command line
anyone HUP barnyard and look at syslog output?
/usr/local/bin/barnyard -c /etc/snort/barnyard.conf \
-d /var/log/snort -t /var/log/snort -f log -L /var/log/snort \
-w /var/log/snort/waldo.log -a /var/log/snort/tmp \
-g /etc/snort/rules/gen-msg.map -s /etc/snort/rules/sid-msg.map
SECNAP Network Security
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
More information about the Snort-users