[Snort-users] barnyard problem

Jasmine CHUA Jasmine.Chua at ...11322...
Fri May 28 03:03:09 EDT 2004


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all

Barnyard worked at first, but it stopped working the next time I started it. It's
supposed to create a waldo file by itself, but it didn't. Below is the strace
output.

I am using barnyard-1.0. 

Anyone encountering the same problem?  


write(2, "Loading Data Processors...\n", 27Loading Data Processors...
) = 27
write(2, "dp_alert loaded\n", 16dp_alert loaded
)       = 16
write(2, "dp_log loaded\n", 14dp_log loaded
)         = 14
write(2, "dp_stream_stat loaded\n", 22dp_stream_stat loaded
) = 22
write(2, "Loading Built-in Output Plugins."..., 35Loading Built-in Output
Plugins...
) = 35
write(2, "Fast Alert plugin initialized\n", 30Fast Alert plugin initialized
) = 30
write(2, "AlertSyslog initialized\n", 24AlertSyslog initialized
) = 24
write(2, "Log Dump plugin initialized\n", 28Log Dump plugin initialized
) = 28
write(2, "LogPcap initialized\n", 20LogPcap initialized
)   = 20
write(2, "AcidDb output plugin initialized"..., 33AcidDb output plugin
initialized
) = 33
write(2, "Sguil output plugin initialized\n", 32Sguil output plugin
initialized
) = 32
write(2, "AlertCSV initialized\n", 21AlertCSV initialized
)  = 21
write(2, "Parsing Config file: /etc/snort/"..., 46Parsing Config file:
/etc/snort/barnyard.conf
) = 46
open("/etc/snort/barnyard.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=6021, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40016000
read(3, "#-------------------------------"..., 4096) = 4096
read(3, "    - ICMP type (if ICMP)\n#   dp"..., 4096) = 1925
time([1085737682])                      = 1085737682
open("/etc/localtime", O_RDONLY)        = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=56, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40017000
read(4, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\1\0"..., 4096) =
56
close(4)                                = 0
munmap(0x40017000, 4096)                = 0
rt_sigaction(SIGPIPE, {0x4013b500, [], SA_RESTORER, 0x400925d8}, {SIG_DFL},
8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0)          = 4
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
connect(4, {sa_family=AF_UNIX, path="/dev/log"}, 16) = -1 EPROTOTYPE
(Protocol wrong type for socket)
close(4)                                = 0
socket(PF_UNIX, SOCK_STREAM, 0)         = 4
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
connect(4, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
send(4, "<29>May 28 09:48:02 barnyard: Ar"..., 165, 0) = 165
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40016000, 4096)                = 0
open("/snort_data/barnyard.waldo", O_RDONLY) = -1 ENOENT (No such file or
directory)
time([1085737682])                      = 1085737682
rt_sigaction(SIGPIPE, {0x4013b500, [], SA_RESTORER, 0x400925d8}, {SIG_DFL},
8) = 0
send(4, "<29>May 28 09:48:02 barnyard: In"..., 56, 0) = 56
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
fork()                                  = 11156
- --- SIGCHLD (Child exited) @ 0 (0) ---
munmap(0x40015000, 4096)                = 0
exit_group(0)                           = ?

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBQLcOS/4wcdIw6CVjEQJNjACghTbgSNAR8m0XzfewO7lBB6JHUOAAniNy
O5TL2JqXyY9ydybOuDQxHa8N
=yhBp
-----END PGP SIGNATURE-----



