[Snort-users] barnyard errors

Scott Renna srenna at ...9588...
Thu Jul 17 12:53:17 EDT 2003


config hostname: xxxxxx
config interface: dc0
config filter: not port 22

processor dp_alert
processor dp_log
processor dp_stream_stat

output alert_fast
output log_dump

output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root, password xxxxxx
output log_acid_db: mysql, database snort, server localhost, user root, password xxxxx, detail full


I will change the user for database logging from root once it's all good
and tidy.
Am I supposed to have file names following the alert_fast and log_dump
items?  Initially I had /var/log/snort/fast.alert and
/var/log/snort/log.dump

Scott


***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

*************************** 

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Bamm
Visscher
Sent: Thursday, July 17, 2003 3:26 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] barnyard errors


Can you please include the uncommented portions of your barnyard.conf.

Bamm

On Thu, Jul 17, 2003 at 03:07:49PM -0400, Scott Renna wrote:
> Ok,
> 
> So I took a look at the config file and made some changes, but I'm
> still running into weird errors when starting barnyard:
> 
> -*> Barnyard! <*-
> Version 0.1.0 (Build 17)
> By Andrew R. Baker (andrewb at ...950...)
> and Martin Roesch (roesch at ...1935..., www.snort.org)
> 
> Loading Data Processors...
> dp_alert loaded
> dp_log loaded
> dp_stream_stat loaded
> Loading Built-in Output Plugins...
> Fast Alert plugin initialized
> AlertSyslog initialized
> Log Dump plugin initialized
> LogPcap initialized
> AlertCSV initialized
> Parsing Config file: /usr/local/etc/barnyard.conf
> WARNING /usr/local/etc/barnyard.conf(135) => Unknown output plugin "alert_acid_db" referenced, ignoring!
> WARNING /usr/local/etc/barnyard.conf(136) => Unknown output plugin "log_acid_db" referenced, ignoring!
> Archive Directory is NULL
> Config File =/usr/local/etc/barnyard.conf
> Log Dir=/var/log/snort/barnyard/
> Spool Dir=/var/log/snort
> Spool File=snort.alert
> Waldo File=/var/log/snort/waldo.log
> Sid File=/usr/local/etc/snort/sid-msg.map
> Gen File=/usr/local/etc/snort/gen-msg.map
> Hostname=bsdtest
> Interface=dc0
> Filter=not port 22
> Record Number: 0
> Log Flag: 1
> Verbosity Level=0
> File Arg Start: 0
> Dry Run mode enabled
> commandline: barnyard -c /usr/local/etc/barnyard.conf -f
> /var/log/snort.log -g /usr/local/etc/snort/gen-msg.map -s
> /usr/local/etc/snort/sid-msg.map -L /var/log/snort/barnyard/ -w
> /var/log/snort/waldo.log -R 
> 
> 
> 
> Here's the weird part, it says the spool file is snort.alert, however,
> my command line specifies that the spool file should be
> /var/log/snort.log
> 
> Is there a good site or forum for troubleshooting Barnyard?  Anyone 
> got some ideas?
> 
> Scott
> ***************************
> Scott Renna
> Head Systems Administrator
> Dynamic Animation Systems
> 703-503-0500
> 
> ***************************
>

