[Snort-users] [Barnyard-users] " No input plugin found for magic: a1b2c3d4" Issue

Joel Esler joel.esler at ...3027...
Wed May 7 16:37:22 EDT 2008


http://nsmwiki.org/Sguil_FAQ#Barnyard_says_.22No_input_plugin_found.22.

J

On May 7, 2008, at 3:33 PM, Rachmat Hidayat Al-Anshar wrote:

> In a last 2 day, i try to find out why did this happen and try to  
> find the solution. I still didn't make it. I have no idea, why  
> barnyard still didn't working. Barnyard always say that it  
> can't find any input plugin. I never find this kind of problem  
> on linux based os. I beg for a help :-(. Could anyone who has  
> successfully applying barnyard to share your experience with me.
>
> Regard.
> Matt
>
> Rachmat Hidayat Al-Anshar wrote:
>> I try to installing snort-2.8.0.1 on OpenBSD-4.2, before that, I  
>> try to patching it with snortsam's patch diff file  
>> (snortsam-2.8.0.1.diff). There is nothing to problem at all when I  
>> have to compiling and installing Snort. But I got this following  
>> error when issuing "make" to installing Barnyard: ProgVars.c: In  
>> function `ProgVars_Fprintf': ProgVars.c:672: warning: long unsigned  
>> int format, time_t arg (arg 3) gcc  -g -O2 -Wall -L/usr/local/lib/ 
>> mysql/ -o barnyard  barnyard.o mstring.o strlcatu.o strlcpyu.o  
>> util.o  spool.o sid.o debug.o classification.o CommandLineArgs.o  
>> ConfigFile.o  ProgVars.o output-plugins/libop.a input-plugins/ 
>> libdp.a -lz -lssl -lmysqlclient /usr/local/lib/mysql// 
>> libmysqlclient.so.18.0: warning: strcpy() is almost always misused,  
>> please use strlcpy() output-plugins/libop.a(op_sguil.o)(.text 
>> +0xea): In function `OpSguil_Start': /etc/barnyard/src/output- 
>> plugins/op_sguil.c:220: warning: sprintf() is often misused,
>> please use snprintf() output-plugins/libop.a(op_sguil.o)(.text 
>> +0x4da): In function `OpSguil_Log': /etc/barnyard/src/output- 
>> plugins/op_sguil.c:366: warning: strcat() is almost always misused,  
>> please use strlcat() I try to continue the process with hope there  
>> is nothing wrong with barnyard processing the snort's unified file.  
>> But lately I know that I was wrong... Barnyard produce this  
>> messages # tail /var/log/messages May  7 09:01:00 snort barnyard:  
>> No bookmark file found, processing all events May  7 09:01:03 snort  
>> barnyard[10430]: Initializing daemon mode May  7 09:01:03 snort  
>> barnyard[23654]: Opened spool file '/var/log/snort//snort.log. 
>> 1210120583' May  7 09:01:03 snort barnyard[23654]: FATAL ERROR:  
>> ERROR: No input plugin found for magic: a1b2c3d4 May  7 09:01:03  
>> snort barnyard[23654]: Exiting when I try to running it with: # / 
>> usr/local/bin/barnyard \ -c /etc/snort/barnyard.conf
>> \ -d /var/log/snort/ \ -L /var/log/snort/ \ -s /etc/snort/sid- 
>> msg.map \ -g /etc/snort/gen-msg.map \ -p /etc/snort/ 
>> classification.config \ -a /var/log/snort/archive/ \ -f snort.log \  
>> -w /var/log/snort/barnyard.waldo \ -X /var/run/barnyard.pid \ -D  
>> Now, what should I do? Thanks in advance Regard Matt
>>      Be a better friend, newshound, and
>> know-it-all with Yahoo! Mobile.  Try it now.
>
>
>
>       
> ____________________________________________________________________________________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save  
> $100.
> Use priority code J8TL2D2.
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Joel Esler
  joel.esler at ...3027...http://blog.joelesler.net








More information about the Snort-users mailing list