[Snort-users] odd issue with barnyard2 pid files

beenph beenph at ...11827...
Wed Feb 9 00:21:12 EST 2011


On Tue, Feb 8, 2011 at 10:12 PM, Russell Fulton <r.fulton at ...3809...> wrote:
> Hi,
>
> I have a number of sensors on which I run snort and barnyard2; all are more or less identically configured (configuration pushed out by a configuration management system -- puppet).  On a couple of the sensors the created pid file is empty, which means that barnyard2 does not get shut down gracefully and I get errors on restart about inconsistent cids.
>
> Any ideas what might cause this?
>
> [snort at ...15111... ~]$ barnyard2 -V
>
>  ______   -*> Barnyard2 <*-
>  / ,,_  \  Version 2.1.8 (Build 251)
>  |o"  )~|  By the SecurixLive.com Team: http://www.securixlive.com/about.php
>  + '''' +  (C) Copyright 2008-2010 SecurixLive.
>
>           Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
>           (C) Copyright 1998-2007 Sourcefire Inc., et al.
>
> [snort at ...15111... ~]$ ls -l run
> total 8
> -rw------- 1 snort snort    0 Feb  1 11:13 barnyard2_dmzo.pid
> -rw------- 1 snort snort    0 Feb  1 11:13 barnyard2_dmzo.pid.lck
> -rw-rw-r-- 1 root  root     6 Feb  9 15:12 snort_eth1-dmzo.pid
> -rw-rw-r-- 1 root  root     0 Feb  9 15:12 snort_eth1-dmzo.pid.lck
>
> 4695 ?        Ss    26:07 barnyard2 -c dmzo/conf/barnyard.conf -d /home/snort/data/dmzo/ -l /home/snort/data/dmzo/ -w /home/snort/data/dmzo/checkpoint -i dmzo -f snort.log --pid-path /home/snort/run/
>
>
> Russell


What do you mean by barnyard2 does not get shut down gracefully? Which
tool do you use to control your processes' startup and shutdown?
Can you output more of the error on the "inconsistent cid" issue you're mentioning?

As a side note, what are the permissions on the parent directory?

Thanks,

-elz



