[Snort-users] barnyard problem

David dwad24 at ...722...
Fri May 28 21:31:02 EDT 2004


Hey Jasmine,

What options and arguments are you running barnyard with?

Dave

--- On Fri 05/28, Jasmine CHUA < Jasmine.Chua at ...11322... > wrote:

From: Jasmine CHUA [mailto: Jasmine.Chua at ...11322...]
To: snort-users at ...7753...: Fri, 28 May 2004 18:02:52 +0800
Subject: [Snort-users] barnyard problem

Hi all

barnyard works at first. But stopped working the next time I start it. It's supposed to create a waldo file by itself but it didn't. Below is the strace output. I am using barnyard-1.0. Anyone encountering the same problem?

write(2, "Loading Data Processors...\n", 27Loading Data Processors...) = 27
write(2, "dp_alert loaded\n", 16dp_alert loaded) = 16
write(2, "dp_log loaded\n", 14dp_log loaded) = 14
write(2, "dp_stream_stat loaded\n", 22dp_stream_stat loaded) = 22
write(2, "Loading Built-in Output Plugins."..., 35Loading Built-in Output Plugins...) = 35
write(2, "Fast Alert plugin initialized\n", 30Fast Alert plugin initialized) = 30
write(2, "AlertSyslog initialized\n", 24AlertSyslog initialized) = 24
write(2, "Log Dump plugin initialized\n", 28Log Dump plugin initialized) = 28
write(2, "LogPcap initialized\n", 20LogPcap initialized) = 20
write(2, "AcidDb output plugin initialized"..., 33AcidDb output plugin initialized) = 33
write(2, "Sguil output plugin initialized\n", 32Sguil output plugin initialized) = 32
write(2, "AlertCSV initialized\n", 21AlertCSV initialized) = 21
write(2, "Parsing Config file: /etc/snort/"..., 46Parsing Config file: /etc/snort/barnyard.conf) = 46
open("/etc/snort/barnyard.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=6021, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "#-------------------------------"..., 4096) = 4096
read(3, " - ICMP type (if ICMP)\n# dp"..., 4096) = 1925
time([1085737682]) = 1085737682
open("/etc/localtime", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=56, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40017000
read(4, "TZif0000000000000000000100010"..., 4096) = 56
close(4) = 0
munmap(0x40017000, 4096) = 0
rt_sigaction(SIGPIPE, {0x4013b500, [], SA_RESTORER, 0x400925d8}, {SIG_DFL}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_UNIX, path="/dev/log"}, 16) = -1 EPROTOTYPE (Protocol wrong type for socket)
close(4) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
send(4, "<29>May 28 09:48:02 barnyard: Ar"..., 165, 0) = 165
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40016000, 4096) = 0
open("/snort_data/barnyard.waldo", O_RDONLY) = -1 ENOENT (No such file or directory)
time([1085737682]) = 1085737682
rt_sigaction(SIGPIPE, {0x4013b500, [], SA_RESTORER, 0x400925d8}, {SIG_DFL}, 8) = 0
send(4, "<29>May 28 09:48:02 barnyard: In"..., 56, 0) = 56
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
fork() = 11156
--- SIGCHLD (Child exited) @ 0 (0) ---
munmap(0x40015000, 4096) = 0
exit_group(0) = ?
