[Snort-users] Strange happenings with BY2

Tony Robinson deusexmachina667 at ...11827...
Sun Apr 14 01:38:06 EDT 2013


I'm not sure who got this message or not; google bounced my initial reply
since I wasn't a member of barnyard2-users so I'm not sure if it just
refused to deliver it to barnyard2-users or everyone. Sorry if this is a
dupe!

Okay,

-My script pulls BY2 via github as it has been suggested by a few folks who
used my script that this is the suggested method of getting barnyard2
updates, as opposed to pulling it from the securix website.

Here's what I get when I run barnyard2 with -v:
  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.13-BETA (Build 325)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy at ...14568...>


- The way my script installs barnyard 2 is that I configure the
barnyard2.conf file via sed-foo and tell it where to find the sid and
gen-msg.map, among other settings.
- I don't trust my sed-foo that much, so I use the -S and -G options to
tell barnyard2 where to find the sid and gen-msg.map files via the command
line as a Safety Net of sorts.
- In the past, there would be no conflict here; if the conf file said one
thing and the command line said another, the command line would win and
barnyard 2 would use the -S and -G arguments via the command line.
- With the copy of barnyard 2 I pulled via github, here's the errors I got:

Apr 13 13:25:53 Autosnort-VMPlayer barnyard2[1464]: FATAL ERROR: The sid
map file was included two times command line (-S)
[/usr/local/snort/etc/sid-msg.map] and in the configuration file (config
sid_map) [/usr/local/snort/etc/sid-msg.map].#012It only need to be defined
once.
Apr 13 13:29:39 Autosnort-VMPlayer barnyard2[1562]: FATAL ERROR: The gen
map file was included two times command line (-G)
[/usr/local/snort/etc/gen-msg.map] and in the configuration file (config
gen_map) [/usr/local/snort/etc/gen-msg.map].#012It only need to be defined
once.

- Okay, easy enough to understand: remove the args from the command line or
from the config file, don't specify them twice. So I removed the -S and -G
args and everything worked.. Updated my scripts, updated the init scripts I
made and everything is happy.
- The errors are verbose enough for me to understand what happened, I'm
just curious what prompted the change in how arguments are parsed/accepted
with BY2.

Thanks for the response.

p.s. This is very low priority, I managed to work around it well enough. If
you have anything of more importance, like say, enjoying your weekend, no
worries; I can wait.


On Sun, Apr 14, 2013 at 12:37 AM, beenph <beenph at ...11827...> wrote:

> On Sun, Apr 14, 2013 at 12:21 AM, Tony Robinson
> <deusexmachina667 at ...11827...> wrote:
> > Hey,
> >
> > I was just testing out some changes to my autosnort script and
> documenting
> > the install process and noticed that barnyard2 behaves a little bit
> > differently.
> >
> > It use to be that you could specify a directive via command line and via
> the
> > config file and the command line argument would win. Now it seems that if
> > you specify an argument in both places, BY2 just refuses to run. It
> throws a
> > fatal error stating that the argument cannot be specified in the config
> file
> > and on the command line.
> >
> > I took a look at the readme/changelog available via github, didn't really
> > find much regarding it. Has anyone else noticed this? Not that it truly
> > matters anymore; I just removed the offending options from the command
> line
> > and am about to commit the changes to the scripts regardless -- merely
> > curious.
> >
>
> Hi Tony,
>
> Can you be more specific about which version you are using and which
> argument you are trying to run
> and what output you get and mabey its will be possible to
> assist/explain you further what is happening.
>
> Thank you.
>
> -elz
>



-- 
when does reality end? when does fantasy begin?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130414/266ebe7e/attachment.html>


More information about the Snort-users mailing list