[Snort-users] Snort, Barnyard, webmin issues

Kevin Smith kjsmith at ...13166...
Fri Dec 2 10:51:02 EST 2005


Hey everyone,

I know this problem is something to do with webmin, but I figured 
someone here may have seen this error before.

I'm setting up snort (Version 2.4.3 (Build 26)) with barnyard (Version 
0.2.0 (Build 32)) and logging to a mysql database on a Fedora Core 4 
system. Snort is configured to log to tcpdump logs that barnyard will 
read into the DB.

When I run the commands below (without -D of course), everything works 
fine. Even with the -D so of course there is no error shown. Now, in 
webmin under the snort module, I have the same command for snort under 
"full path to snort executable (with options)" under the module 
configuration as I do below for snort. Snort starts without any problems 
but it doesn't generate tcpdump logs, and when I start barnyard, which I 
do manually, I get this error if I take the -D option off.

Barnyard Version 0.2.0 (Build 32)
Opened spool file '/var/log/snort/snort.log.1133542635'
ERROR: No input plugin found for magic: a1b2c3d4
Fatal Error, Quitting..
Exiting

My question is, is there a reason why the command from the prompt will 
start logging correctly but from webmin the same command will not? Has 
anyone seen this error before? I know it is because the tcpdump log 
files are not being generated, but I can't seem to figure out why it is 
not generating the files. Any ideas or suggestions would be great.

Thanks,
Kevin

Here are the commands and configuration settings.


Here is the output config from snort:
output log_tcpdump: tcpdump.log
output log_unified: filename /var/log/snort/snort.log, limit 128

Command for barnyard to start:
barnyard -c /usr/src/barnyard-0.2.0/etc/barnyard.conf -d /var/log/snort 
-a /var/log/snort-archive -f snort.log -w /var/log/snort/waldo
-s /etc/snort/sid-msg.map -g /etc/snort/gen-msg.map -p 
/etc/snort/classification.config -D

Command to start snort:
/usr/sbin/snort -u snort -g snort -d -C -c /etc/snort/snort.conf -A fast -D







More information about the Snort-users mailing list