[Snort-users] Barnyard run problems

tforeman at ...9429... tforeman at ...9429...
Wed Jun 11 11:26:02 EDT 2003


> > On Wed, 11 Jun 2003 tforeman at ...9429... wrote:
> > 
> > > I have installed barnyard and am trying to get it to run.
> > >
> > > RH 8.0 Kernel: 2.4.20-13.7smp
> > 
> > [...snip...]
> > 
> > > > ERROR => No input plugin found for magic: a1b2c3d4
> > 
> > [...snip...]
> > 
> > It's 'endian-ness'.  The unified data was written on bigendian box
> > (sparc) and is being processed on a little endian box 
> (i386)--Or vice
> > versa.
> > 
> > Change it to use the same kind of boxes and you're good to go.
> > 
> 
> What Erek said would cause this problem, but I think that there is a
> more likely explaination.
> 
> You are feeding Barnyard and snort pcap output file.  
> Barnyard subsists
> exclusively on a diet of snort unified output files.
> 
> See the output unified section of snort.conf
> 
> -steve

Steve hits the nail on the head. I had not changed the snort.conf
file to output unified files. Nicholas Delo also sent me the same
suggestion directly.

Thanks to all for the speedy responses!

--
Timothy W. Foreman   ~   System Administrator   ~   tforeman at ...9429...
Internet Broadcasting Systems ~ (651) 365-4181 ~ http://www.ibsys.com/
--
       I am Dyslexic of Borg. -  Resistors are fertile.
            Prepare to have your ass laminated.




More information about the Snort-users mailing list