[Snort-users] Barnyard seems to do nothing
ccidsh at ...10480...
Wed Nov 5 07:43:20 EST 2003
I've got Snort 2.0.2 installed and working fine on my network - although
it's looking for scans from $HOME_NET to catch local problems rather
than preventing external problems. I decided that I'd like to process
Snort's output more flexibly, so I compiled barnyard 0.1 and used "make
install" to get it set up.

The command line I'm using for barnyard is:

    /usr/bin/barnyard -c /etc/snort/barnyard.conf -d /var/log/snort \
        -g /etc/snort/rules/gen-msg.map -s /etc/snort/rules/sid-msg.map \
        -f alert -D

From the USAGE file I take this to mean that barnyard will work in
continuous mode, but there never seems to be a barnyard process on the
system after this runs - I just get:

    -*> Barnyard! <*-
    Version 0.1.0 (Build 17)
    By Andrew R. Baker (andrewb at ...950...)
    and Martin Roesch (roesch at ...1935..., www.snort.org)

Can anyone tell me what steps I should take from here to try to find out
what's going on with barnyard, please?
P.S.: Incidentally, my snort.conf has both alert_unified and log_unified
output plugins enabled, but only snort.log appears in unified format.