[Snort-users] barnyard errors

Bamm Visscher bamm at ...539...
Thu Jul 17 13:33:30 EDT 2003


Shot in the dark here, but are you sure mysql was enabled during the configure and subsequent make? If not, support for the op_acid plugin may not be there.

Bammkkkk

On Thu, Jul 17, 2003 at 03:51:53PM -0400, Scott Renna wrote:
> config hostname: xxxxxx
> config interface: dc0
> config filter: not port 22
> 
> processor dp_alert
> processor dp_log
> processor dp_stream_stat
> 
> output alert_fast
> output log_dump
> 
> output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root, password xxxxxx
> output log_acid_db: mysql, database snort, server localhost, user root, password xxxxx, detail full
> 
> 
> I will change the user for database logging from root once it's all good
> and tidy.
> Am I supposed to have file names following the alert_fast and log_dump
> items?  Initially I had /var/log/snort/fast.alert and
> /var/log/snort/log.dump
> 
> Scott
> 
> 
> ***************************
> Scott Renna
> Head Systems Administrator
> Dynamic Animation Systems
> 703-503-0500
> 
> *************************** 
> 
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Bamm
> Visscher
> Sent: Thursday, July 17, 2003 3:26 PM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] barnyard errors
> 
> 
> Can you please include the uncommented portions of your barnyard.conf.
> 
> Bammkkkk
> 
> On Thu, Jul 17, 2003 at 03:07:49PM -0400, Scott Renna wrote:
> > Ok,
> > 
> > So I took a look at the config file and made some changes, but I'm 
> > still running into weird errors when starting barnyard:
> > 
> > -*> Barnyard! <*-
> > Version 0.1.0 (Build 17)
> > By Andrew R. Baker (andrewb at ...950...)
> > and Martin Roesch (roesch at ...1935..., www.snort.org)
> > 
> > Loading Data Processors...
> > dp_alert loaded
> > dp_log loaded
> > dp_stream_stat loaded
> > Loading Built-in Output Plugins...
> > Fast Alert plugin initialized
> > AlertSyslog initialized
> > Log Dump plugin initialized
> > LogPcap initialized
> > AlertCSV initialized
> > Parsing Config file: /usr/local/etc/barnyard.conf
> > WARNING /usr/local/etc/barnyard.conf(135) => Unknown output plugin "alert_acid_db" referenced, ignoring!
> > WARNING /usr/local/etc/barnyard.conf(136) => Unknown output plugin "log_acid_db" referenced, ignoring!
> > Archive Directory is NULL
> > Config File =/usr/local/etc/barnyard.conf
> > Log Dir=/var/log/snort/barnyard/
> > Spool Dir=/var/log/snort
> > Spool File=snort.alert
> > Waldo File=/var/log/snort/waldo.log
> > Sid File=/usr/local/etc/snort/sid-msg.map
> > Gen File=/usr/local/etc/snort/gen-msg.map
> > Hostname=bsdtest
> > Interface=dc0
> > Filter=not port 22
> > Record Number: 0
> > Log Flag: 1
> > Verbosity Level=0
> > File Arg Start: 0
> > Dry Run mode enabled
> > commandline: barnyard -c /usr/local/etc/barnyard.conf -f
> > /var/log/snort.log -g /usr/local/etc/snort/gen-msg.map -s
> > /usr/local/etc/snort/sid-msg.map -L /var/log/snort/barnyard/ -w
> > /var/log/snort/waldo.log -R 
> > 
> > 
> > 
> > Here's the weird part, it says the spool file is snort.alert, however,
> > my command line specifies that the spool file should be
> > /var/log/snort.log
> > 
> > Is there a good site or forum for troubleshooting Barnyard?  Anyone 
> > got some ideas?
> > 
> > Scott
> > ***************************
> > Scott Renna
> > Head Systems Administrator
> > Dynamic Animation Systems
> > 703-503-0500
> > 
> > ***************************
> >
> 
> 
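
As an added example (not part of the original thread, and not Barnyard's own code): a Python check that compares the `output` lines of a barnyard.conf with Barnyard's startup messages and reports outputs that were configured but ignored, plus any acid_db output that still logs in as root. The function names are hypothetical, the sample strings are constructed from the text quoted above, and one `output` directive per config line is assumed.

```python
import re

# Constructed sample input, condensed from the config and output quoted in this thread.
SAMPLE_CONF = """\
output alert_fast
# output alert_syslog
output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root, password xxxxxx
output log_acid_db: mysql, database snort, server localhost, user root, password xxxxx, detail full
"""
SAMPLE_STARTUP = """\
Fast Alert plugin initialized
WARNING /usr/local/etc/barnyard.conf(135) => Unknown output plugin
"alert_acid_db" referenced, ignoring!WARNING
/usr/local/etc/barnyard.conf(136) => Unknown output plugin
"log_acid_db" referenced, ignoring!Archive Directory is NULL
"""

OUTPUT_RE = re.compile(r'^\s*output\s+(\w+)\s*(?::\s*(.*))?$')
UNKNOWN_RE = re.compile(r'\((\d+)\) => Unknown output plugin\s+"(\w+)"')

def configured_outputs(conf_text):
    """Return {plugin_name: argument string} for every uncommented output line."""
    outputs = {}
    for line in conf_text.splitlines():
        m = OUTPUT_RE.match(line)
        if m:
            outputs[m.group(1)] = m.group(2) or ""
    return outputs

def ignored_outputs(startup_text):
    """Return {plugin_name: config line number} for outputs Barnyard ignored."""
    # Search the whole text: the warnings may be wrapped or run together.
    return {name: int(lineno) for lineno, name in UNKNOWN_RE.findall(startup_text)}

def audit(conf_text, startup_text):
    """List findings: configured outputs that were ignored, and root DB logins."""
    findings = []
    ignored = ignored_outputs(startup_text)
    for name, args in configured_outputs(conf_text).items():
        if name in ignored:
            findings.append(f"{name}: configured but ignored at startup (conf line {ignored[name]})")
        if re.search(r'\buser\s+root\b', args):
            findings.append(f"{name}: logs in to the database as root")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_STARTUP):
        print(finding)
```

An ignored output plugin only produces a warning, so a check like this is worth running after every rebuild: otherwise alerts never reach the database while Barnyard appears to start normally.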
