[Snort-users] barnyard 2 localtime error (UNCLASSIFIED)

Craig reswob10 at ...11827...
Thu Aug 13 12:49:45 EDT 2009

Classification:  UNCLASSIFIED 
Caveats: NONE

Hi all, I'm building a new IDS, with Ubuntu server 9.04 (no gui) and
barnyard 2.1.6 and Snort   For the test build, I'm using a VM using
NAT.  Installed the server with the LAMP option.  Installed and configured
Snort, BASE, and barnyard.  Everything was working and going well (graphs,
alerts, etc) until I wanted to configure Barnyard to use localtime instead
of UTC.  Then, for some reason, barnyard wouldn't start.  Below is the
command I ran while troubleshooting and the output:

sudo /usr/local/bin/barnyard2 -T -u snort -g snort -c
/etc/snort/barnyard2.conf -G /etc/snort/gen-msg.map -S
/etc/snort/sid-msg.map -d /var/log/snort -f snort.u2 -w

Running in Continuous mode with inferred config file:

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing rules files /etc/snort/barnyard2.conf

Initializing rule chains...
ERROR: Unknown config directive: config localtime
Fatal Error, Quitting..

Here is the relevant part of my barnyard2.conf:

# Step 1: configure the variable declarations
# To keep from having a commandline that uses every letter in the alphabet
# most configuration options are set here

# enable daemon mode
#config daemon

# use localtime instead of UTC (*NOT* recommended because of timewarps)
config localtime

# set the appropriate paths to the file(s) your Snort process is using
config reference-map:   /etc/snort/reference.config
config class-map:           /etc/snort/classification.config
config gen-msg-map:     /etc/snort/gen-msg.map
config sid-msg-map:         /etc/snort/sid-msg.map

Searching on this error has so far produced no relevant hits, so I thought
I'd put a quick post to see if anyone else has seen this.....

Craig L. Bowser
"Every election is a sort of advance auction sale of stolen goods." -- H. L.
Classification:  UNCLASSIFIED 
Caveats: NONE

