[Snort-users] Barnyard not running properly

JJC cummingsj at ...11827...
Mon Jun 28 12:37:53 EDT 2010


   1. What version of by2?
      1. There was an earlier version that did have some bookmark file
      issues.. pre 17 or 16 I think.
   2. Do you have permissions to write / modify the by2 waldo file under the
   context that you are running by?
   3. Are you writing unified2 logs from snort?
   4. Have you verified that you are generating events from snort?
   5. Have you deleted all old unified logs if they existed?
   6. Are you specifying the correct path to the unified2 files?
   7. Do you have permissions to read the unified2 files?
   8. Are you specifying the correct base filename pattern for the unified2
   files?

JJC

On Mon, Jun 28, 2010 at 10:30 AM, Kun, Mike <mkun at ...6382...> wrote:

> I have Barnyard2 set up and configured to read Unified2 and output to a
> mysql database.
> I can start barnyard2 just fine, but no data is written to the db.
> In the logs I see references to "waldo file missing or corrupt". I've
> deleted and touched a new waldo file, but still get the message.
> Has anyone seen this issue before?
>
> -Mike
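
The file-level items in the checklist above (2 through 8) can be checked in one pass with a script like the following. This is an added example, not part of the original thread or of the barnyard2 project; the function name and its three arguments are hypothetical, and it assumes snort's unified2 files are named BASE_NAME.<timestamp> in the spool directory.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files barnyard2 reads and writes.
# Run it as the account barnyard2 runs under. All paths are caller-supplied.
# usage: check_by2_inputs SPOOL_DIR BASE_NAME WALDO_FILE
check_by2_inputs() {
    spool=$1 base=$2 waldo=$3 problems=0

    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Items 6 and 7: the spool directory must exist and be listable.
    if [ ! -d "$spool" ]; then
        fail "spool directory $spool does not exist"
    elif [ ! -r "$spool" ] || [ ! -x "$spool" ]; then
        fail "cannot list $spool as $(id -un)"
    fi

    # Items 3, 6 and 8: look for unified2 files named BASE_NAME.<timestamp>.
    found=0
    for f in "$spool/$base".*; do
        [ -f "$f" ] || continue
        found=$((found + 1))
        # Item 7: read permission on each unified2 file.
        [ -r "$f" ] || fail "cannot read $f"
        # Item 4: a zero-length file means no events have been logged to it.
        [ -s "$f" ] || echo "NOTE: $f is empty (no events yet)"
    done
    [ "$found" -gt 0 ] || fail "no files matching $spool/$base.*"

    # Item 2: the waldo (bookmark) file, or its directory if it is absent,
    # must be writable.
    if [ -e "$waldo" ]; then
        [ -w "$waldo" ] || fail "cannot write $waldo"
    else
        [ -w "$(dirname "$waldo")" ] || fail "cannot create $waldo"
    fi

    echo "$found unified2 file(s), $problems problem(s)"
    [ "$problems" -eq 0 ]
}
```

Running it as root hides permission problems, since root passes every read and write test.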