[Snort-users] @barnyard error

Peter Bates peter.bates at ...15381...
Mon Sep 2 05:35:37 EDT 2013



Hello all

On 02/09/2013 10:14, anagha b wrote:
> I used following command to run barnyard but before that removed
> barnyard2.waldo file and created new one.
> 
> usr/local/bin/barnyard2 -f snort.u2 -u root -g root -c
> /srv/snort/etc/barnyard2.conf -w /var/log/snort/barnyard2.waldo -d
> /var/log/snort

Did you just delete the .waldo file or actually make a new one?
I'd let BY2 make one when it starts up - the WARNING is just informational.

> Closing spool file '/var/log/snort/snort.u2.1378112617'. Read 0 records
> 
> snort not logging into snort.u2?  how to solve this?

Is the size of snort.u2.1378112617 increasing
when rules are hit?

Your snort.conf should just have something like

output unified2: filename snort.log, limit 128

defined for the output.

What is your command-line to start Snort?

From your previous emails to the list it sounded like
you had Snort logging successfully to the unified2 file.

-- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division	      Internal Ext: 32049
University College London
London WC1E 6BT
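Added example, not part of the original message: one way to check whether Snort is really writing to the spool file that barnyard2 reports "Read 0 records" for is to count the unified2 records in it. It assumes the standard unified2 framing (an 8-byte big-endian type/length header before each record); the function names and the sample bytes are constructed for illustration.

```python
import struct
import sys
from collections import Counter

# Record type codes from Snort's unified2 header definitions.
U2_TYPES = {
    2: "packet",
    7: "ids_event",
    72: "ids_event_ipv6",
    104: "ids_event_vlan",
    105: "ids_event_ipv6_vlan",
    110: "extra_data",
}

def count_records(data: bytes):
    """Walk unified2 records: 8-byte header (type, length), then payload.
    Returns (Counter of record type names, bytes left over at the end)."""
    counts = Counter()
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from(">II", data, off)
        if off + 8 + rlen > len(data):
            break  # record still being written by Snort, or file truncated
        counts[U2_TYPES.get(rtype, f"type_{rtype}")] += 1
        off += 8 + rlen
    return counts, len(data) - off

def diagnose(data: bytes) -> str:
    """Summarise a spool file the way the thread's question needs it."""
    if not data:
        return "empty: Snort has written nothing to this spool file"
    counts, leftover = count_records(data)
    if not counts:
        return "no complete records: file is truncated or not unified2"
    events = sum(n for name, n in counts.items() if name.startswith("ids_event"))
    return f"{sum(counts.values())} records, {events} events, {leftover} trailing bytes"

# Constructed sample: one event record and one packet record, dummy payloads.
SAMPLE = (struct.pack(">II", 7, 52) + bytes(52) +
          struct.pack(">II", 2, 28) + bytes(28))

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. python u2count.py /var/log/snort/snort.u2.1378112617
        with open(sys.argv[1], "rb") as fh:
            print(diagnose(fh.read()))
    else:
        print(diagnose(SAMPLE))
```

An "empty" result on the newest spool file while rules should be firing points at the Snort side (output plugin or command line) rather than at barnyard2 or the waldo file.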
