[Snort-users] Barnyard seems to do nothing

Iain Hallam ccidsh at ...10480...
Wed Nov 5 07:43:20 EST 2003


I've got Snort 2.0.2 installed and working fine on my network - although 
it's looking for scans from $HOME_NET to catch local problems rather 
than preventing external problems. I decided that I'd like to process 
Snort's output more flexibly, so I compiled barnyard 0.1 and used "make 
install" to get it set up.

The command line I'm using for barnyard is:

/usr/bin/barnyard -c /etc/snort/barnyard.conf -d /var/log/snort \
   -g /etc/snort/rules/gen-msg.map -s /etc/snort/rules/sid-msg.map \
   -f alert -D

From the USAGE file I take this to mean that barnyard will work in 
continuous mode, but there never seems to be a barnyard process on the 
system after this runs - I just get:

-*> Barnyard! <*-
Version 0.1.0 (Build 17)
By Andrew R. Baker (andrewb at ...950...)
and Martin Roesch (roesch at ...1935..., www.snort.org)

Can anyone tell me what steps I should take from here to try to find out 
what's going on with barnyard, please?


Iain Hallam.

P.S.: Incidentally, my snort.conf has both alert_unified and log_unified 
output plugins enabled, but only snort.log appears in unified format.
