[Snort-users] barnyard 2 localtime error (UNCLASSIFIED)
reswob10 at ...11827...
Thu Aug 13 12:49:45 EDT 2009

Hi all, I'm building a new IDS, with Ubuntu server 9.04 (no gui) and
barnyard 2.1.6 and Snort 18.104.22.168. For the test build, I'm using a VM using
NAT. Installed the server with the LAMP option. Installed and configured
Snort, BASE, and barnyard. Everything was working and going well (graphs,
alerts, etc) until I wanted to configure Barnyard to use localtime instead
of UTC. Then, for some reason, barnyard wouldn't start. Below is the
command I ran while troubleshooting and the output:

sudo /usr/local/bin/barnyard2 -T -u snort -g snort -c
/etc/snort/barnyard2.conf -G /etc/snort/gen-msg.map -S
/etc/snort/sid-msg.map -d /var/log/snort -f snort.u2 -w

Running in Continuous mode with inferred config file:
--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing rules files /etc/snort/barnyard2.conf
Initializing rule chains...
ERROR: Unknown config directive: config localtime
Fatal Error, Quitting..

Here is the relevant part of my barnyard2.conf:

# Step 1: configure the variable declarations
# To keep from having a commandline that uses every letter in the alphabet
# most configuration options are set here
# enable daemon mode
# use localtime instead of UTC (*NOT* recommended because of timewarps)
# set the appropriate paths to the file(s) your Snort process is using
config reference-map: /etc/snort/reference.config
config class-map: /etc/snort/classification.config
config gen-msg-map: /etc/snort/gen-msg.map
config sid-msg-map: /etc/snort/sid-msg.map

Searching on this error has so far produced no relevant hits, so I thought
I'd put a quick post to see if anyone else has seen this.....

Craig L. Bowser
CISSP SANS GSEC (Gold)
"Every election is a sort of advance auction sale of stolen goods." -- H. L.