[Snort-users] barnyard payload

Andrew R. Baker andrewb at ...950...
Thu Oct 17 11:09:07 EDT 2002


Alwin Raymundo wrote:
> Hi Everybody,
> 
> Thanks for all your help and I appreciate your
> patience.  Stupid of me, I did not double-check the
> command line that I executed.  Please pardon me.
> 
> I already changed it, but I noticed something; if someone
> can help I would really, really appreciate it.
> 
> When I execute the command:
> barnyard  -c /etc/snort/barnyard.conf \
>     -d /var/log/snort -g /etc/snort/gen-msg.map \
>     -s /etc/snort/sid-msg.map -f snort.log
> 
> Barnyard Version 0.1.0-rc3 (Build 11) started
> ERROR => No input plugin found for magic: a1b2c3d4
> Fatal Error, Quitting..
> Exiting
> 
> What does this mean?  "ERROR => No input plugin
> found for magic: a1b2c3e4"
> 
> Any help would be highly appreciated.

The magic is the first 4 octets of the unified file that is used by 
Barnyard to determine how it should be processed.  However, AFAIK (and I 
maintain the unified output plugin), the value "a1b2c3d4" is never used 
as a magic value when Snort generates a unified file.  What version of 
Snort are you using and what is the unified output configuration in your 
snort.conf?

-A
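
The magic check described in the reply above, as an added example that is not part of the original thread or Barnyard's own code: a shell script that reads a file's first 4 octets and names the format, trying both byte orders. The value a1b2c3d4 is the libpcap/tcpdump capture-file magic; the two unified values (dead4137, dead1080) and all function names are assumptions to verify against the unified output plugin of your Snort version.

```shell
#!/bin/sh
# Added example (not from the original thread): report which format a Snort
# output file is in, judged by its first 4 octets (the "magic").

# First 4 octets of a file as 8 hex digits, in on-disk order.
file_magic() {
    od -An -tx1 -N4 < "$1" | tr -d ' \n'
}

# Reverse octet order: the magic is stored in the writing host's byte order,
# so a little-endian sensor stores a1b2c3d4 on disk as d4 c3 b2 a1.
swap32() {
    printf '%s\n' "$1" | sed 's/^\(..\)\(..\)\(..\)\(..\)$/\4\3\2\1/'
}

# Map a 32-bit magic (hex) to a format name; fails if it is not known.
magic_name() {
    case "$1" in
        a1b2c3d4) echo "pcap" ;;           # libpcap/tcpdump capture file
        dead4137) echo "unified-alert" ;;  # assumed Snort unified alert magic
        dead1080) echo "unified-log" ;;    # assumed Snort unified log magic
        *) return 1 ;;
    esac
}

# Print the format of file $1. Returns 0 if recognised, 1 if the magic is
# unknown, 2 if the file cannot be read or is shorter than 4 octets.
classify() {
    { [ -f "$1" ] && [ -r "$1" ]; } || { echo "unreadable"; return 2; }
    m=$(file_magic "$1")
    [ "${#m}" -eq 8 ] || { echo "too-short"; return 2; }
    magic_name "$m" || magic_name "$(swap32 "$m")" || { echo "unknown:$m"; return 1; }
}

# Stand-alone use: pass the log files to check as arguments.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(classify "$f")"
done
```

A result of `pcap` for a file handed to Barnyard means the file was written in tcpdump format rather than by the unified output plugin, which is consistent with the error quoted above.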