[Snort-users] Barnyard2 doesn't read alerts

beenph beenph at ...11827...
Thu Feb 13 12:54:50 EST 2014


On Thu, Feb 13, 2014 at 11:36 AM, Daniele Gallarato
<daniele.gallarato at ...7874...> wrote:
Hi Daniele,

> I thought it also.
> But the folder has the right permissions.
> And problem remains also running barnyard2 as root...
>

pre: update barnyard2 (you're running 2-1.9, which is a few years old)
(www.github.com/firnsy/barnyard2)

1. How did you configure snort unified2 output?
2. What is your snort command line?
3. What is your barnyard2 configuration?
4. Do you see your unified2 file growing?

The waldo file will get updated/generated when the output plugin processes an event.
If barnyard2 has not processed any event, the waldo file will remain
empty, or nonexistent if it has not been created
previously by event processing.

You can always touch the future waldo file to change the warning you
get, but as soon as you process events the
warning will go away.

-elz



