[Snort-users] odd issue with barnyard2 pid files

Russell Fulton r.fulton at ...3809...
Tue Feb 8 22:12:02 EST 2011


Hi,

I have a number of sensors on which I run snort and barnyard2 all are more or less identically configured (configuration pushed out from by a configuration management system -- puppet).  On a couple of the sensors the created pid file is empty?  which means that barnyard2 does not get shut down gracefully and I get errors on restart about inconsistent cids.

Any ideas what might cause this?

[snort at ...15111... ~]$ barnyard2 -V

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.8 (Build 251)
 |o"  )~|  By the SecurixLive.com Team: http://www.securixlive.com/about.php
 + '''' +  (C) Copyright 2008-2010 SecurixLive.

           Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.

[snort at ...15111... ~]$ ls -l run
total 8
-rw------- 1 snort snort    0 Feb  1 11:13 barnyard2_dmzo.pid
-rw------- 1 snort snort    0 Feb  1 11:13 barnyard2_dmzo.pid.lck
-rw-rw-r-- 1 root  root     6 Feb  9 15:12 snort_eth1-dmzo.pid
-rw-rw-r-- 1 root  root     0 Feb  9 15:12 snort_eth1-dmzo.pid.lck

4695 ?        Ss    26:07 barnyard2 -c dmzo/conf/barnyard.conf -d /home/snort/data/dmzo/ -l /home/snort/data/dmzo/ -w /home/snort/data/dmzo/checkpoint -i dmzo -f snort.log --pid-path /home/snort/run/


Russell



More information about the Snort-users mailing list