[Snort-users] gen-msg.map is missing! What to do? Where to get it?

Andrew Shagayev drewshg at ...11827...
Wed Mar 11 16:33:22 EDT 2015


*Thank you for your reply! I'm using OS X 10.10.2. Snort was installed from
Homebrew (so I believe that means from package)*

*I've downloaded it from that link (https://www.snort.org/configurations)
and now I'm getting this:*
########################################################
$ barnyard2 -c /etc/barnyard2.conf -f merged.log -d /var/log/snort
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/barnyard2.conf"


+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048]
ERROR: Can not get write access to logging directory "/var/log/barnyard2".
(directory doesn't exist or permissions are set incorrectly or it is not a
directory at all)
Fatal Error, Quitting..
Barnyard2 exiting
...
#######################################################


*The permissions on "/var/log/barnyard2" are 755 (drwxr-xr-x   2 root
wheel   68B   barnyard2/).*

*So I've done this with sudo:*
########################################################
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/barnyard2.conf"


+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/barnyard2
INFO database: Defaulting Reconnect/Transaction Error limit to 10
INFO database: Defaulting Reconnect sleep time to 5 second
database: compiled support for (postgresql)
database: configured to use postgresql
database: schema version = 107
database:           host = localhost
database:           user = snort
database:  database name = snort
database:    sensor name = drew-sh.server:eth0
database:      sensor id = 1
database:     sensor cid = 1
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.14 (Build 336)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy at ...14568...>

WARNING: Unable to open waldo file '/var/log/barnyard2/waldo' (No such file
or directory)
Opened spool file '/var/log/snort/merged.log.1425761696'
Closing spool file '/var/log/snort/merged.log.1425761696'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425763545'
Closing spool file '/var/log/snort/merged.log.1425763545'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425767870'
Closing spool file '/var/log/snort/merged.log.1425767870'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425767999'
Closing spool file '/var/log/snort/merged.log.1425767999'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425777240'
Closing spool file '/var/log/snort/merged.log.1425777240'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425777980'
Closing spool file '/var/log/snort/merged.log.1425777980'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425778034'
Closing spool file '/var/log/snort/merged.log.1425778034'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425965873'
Closing spool file '/var/log/snort/merged.log.1425965873'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425967054'
Closing spool file '/var/log/snort/merged.log.1425967054'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425967076'
Closing spool file '/var/log/snort/merged.log.1425967076'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1426003439'
Waiting for new data
...
#######################################################

*So there is no waldo file for some reason((( Any ideas?*

2015-03-11 13:11 GMT-07:00 Y M <snort at ...15979...>:

> Was Snort installed from a package or source? If from source, then this
> file exists under /etc after you untar the source. Verify first that the
> file does not exist in a different directory. If still not found, you can
> download it from here: https://www.snort.org/configurations
>
> ------------------------------
> Date: Wed, 11 Mar 2015 13:04:09 -0700
> From: drewshg at ...11827...
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] gen-msg.map is missing! What to do? Where to get it?
>
>
> Hi guys!
>
> When running:
>
> $ barnyard2 -c /etc/barnyard2.conf -f merged.log -d /var/log/snort
>
> Running in Continuous mode
>
>         --== Initializing Barnyard2 ==--
> Initializing Input Plugins!
> Initializing Output Plugins!
> Parsing config file "/etc/barnyard2.conf"
>
>
> +[ Signature Suppress list ]+
> ----------------------------
> +[No entry in Signature Suppress List]+
> ----------------------------
> +[ Signature Suppress list ]+
>
> ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such
> file or directory
> ERROR: [Barnyard2Init()], failed while processing [/etc/snort/gen-msg.map]
> Fatal Error, Quitting..
> Barnyard2 exiting
> ...
>
> Where can I find this file? Please help me to solve this problem?
> --
> A.S.
>



-- 
A.S.
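
Added example (not part of the original message and not Barnyard2's own code): a read-only preflight check for the paths named in the outputs above, namely /etc/snort/gen-msg.map, /var/log/barnyard2, its waldo file and /var/log/snort. The function name `preflight` and its argument order are assumptions made for this example.

```shell
#!/bin/sh
# Read-only preflight for the paths barnyard2 complained about above.
# It inspects files and directories and changes nothing.

# preflight GENMAP LOGDIR WALDO SPOOLDIR  (hypothetical helper)
# Prints one line per finding; returns 1 if any FAIL was found, else 0.
preflight() {
    genmap=$1; logdir=$2; waldo=$3; spool=$4
    rc=0

    # Fatal in the quoted original message: generator map could not be opened.
    if [ ! -r "$genmap" ]; then
        echo "FAIL gen-msg.map missing or unreadable: $genmap"
        rc=1
    fi

    # Fatal in the run without sudo: no write access to the logging directory.
    if [ ! -d "$logdir" ]; then
        echo "FAIL log directory missing: $logdir"
        rc=1
    elif [ ! -w "$logdir" ]; then
        echo "FAIL log directory not writable by $(id -un): $logdir"
        rc=1
    fi

    # Only a WARNING in the sudo run, so it does not change the exit status.
    if [ ! -e "$waldo" ]; then
        echo "WARN waldo file absent: $waldo"
    fi

    # barnyard2 has to read the spool files Snort writes here (-d).
    if [ ! -d "$spool" ] || [ ! -r "$spool" ]; then
        echo "FAIL spool directory missing or unreadable: $spool"
        rc=1
    fi

    return "$rc"
}

# Stand-alone use, with the paths from the thread as arguments:
#   sh preflight.sh /etc/snort/gen-msg.map /var/log/barnyard2 \
#       /var/log/barnyard2/waldo /var/log/snort
if [ "$#" -eq 4 ]; then
    preflight "$@"
fi
```

Run it as the account barnyard2 will use: with the drwxr-xr-x root:wheel mode shown above, only root passes the log-directory write check.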