Snort mailing list archives

Re: barnyard payload


From: Alwin Raymundo <alrayworld () yahoo com>
Date: Thu, 17 Oct 2002 12:43:56 -0700 (PDT)

Hi Andrew,

Thanks for replying.

I'm using snort 2.0 (in snort.conf)
output log_unified: filename snort.log, limit 128

I use barnyard-0.1.0-rc3.tar.gz

Thanks again in advance for your help.

Your brother in snort



--- "Andrew R. Baker" <andrewb () snort org> wrote:
Alwin Raymundo wrote:
Hi Everybody,

Thanks for all your help and I appreciate your patience.  Stupid of me,
I did not double-check the command line that I executed.  Please pardon me.

I already changed it but I notice something; if someone can help I
would really, really appreciate it.

When I execute the command:
barnyard  -c /etc/snort/barnyard.conf \
    -d /var/log/snort -g /etc/snort/gen-msg.map \
    -s /etc/snort/sid-msg.map -f snort.log

Barnyard Version 0.1.0-rc3 (Build 11) started
ERROR => No input plugin found for magic: a1b2c3d4
Fatal Error, Quitting..
Exiting

What does this mean?  "ERROR => No input plugin found for magic: a1b2c3e4"

Any help would be highly appreciated.

The magic is the first 4 octets of the unified file that is used by
Barnyard to determine how it should be processed.  However, AFAIK (and I
maintain the unified output plugin), the value "a1b2c3d4" is never used
as a magic value when Snort generates a unified file.  What version of
Snort are you using and what is the unified output configuration in your
snort.conf?

-A




=====
Alwin Raymundo
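
The check described in the quoted reply, as an added example (not part of the original thread and not Barnyard's own code): it reads the first 4 octets of a file and reports which format they indicate, trying both byte orders. 0xa1b2c3d4 is the libpcap (tcpdump) capture-file magic; the two 0xDEAD.... values are assumed here to be Snort's unified alert and log magics and should be confirmed against spo_unified.h in your Snort source.

```python
import struct
import sys

# Magic values keyed by their 32-bit integer form.
# 0xa1b2c3d4 / 0xa1b23c4d are the libpcap (tcpdump) file magics.
# The two 0xDEAD.... entries are ASSUMED Snort unified magics; confirm them
# against spo_unified.h before relying on them.
KNOWN_MAGIC = {
    0xA1B2C3D4: "pcap (tcpdump) capture, microsecond timestamps",
    0xA1B23C4D: "pcap (tcpdump) capture, nanosecond timestamps",
    0xDEAD4137: "Snort unified alert file (assumed value)",
    0xDEAD1080: "Snort unified log file (assumed value)",
}


def identify_magic(header: bytes):
    """Return (hex_magic, byte_order, description) for a file's first 4 octets."""
    if len(header) < 4:
        return (header.hex(), None, "too short to carry a magic value")
    # The writer stores the magic in its native byte order, so try both.
    for order, fmt in (("little-endian", "<I"), ("big-endian", ">I")):
        value = struct.unpack(fmt, header[:4])[0]
        if value in KNOWN_MAGIC:
            return (f"{value:08x}", order, KNOWN_MAGIC[value])
    return (header[:4].hex(), None, "unknown magic")


def identify_file(path):
    """Identify a file on disk by reading only its first 4 octets."""
    with open(path, "rb") as fh:
        return identify_magic(fh.read(4))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(path, identify_file(path))
    else:
        # Constructed sample headers (not taken from the thread's files).
        samples = {
            "pcap written on x86": bytes.fromhex("d4c3b2a1"),
            "pcap written big-endian": bytes.fromhex("a1b2c3d4"),
            "truncated file": bytes.fromhex("a1b2"),
            "something else": b"\x00\x01\x02\x03",
        }
        for label, header in samples.items():
            print(f"{label:26} -> {identify_magic(header)}")
```

Run it with the path of the file Barnyard rejects (for example the snort.log under /var/log/snort from the command above) to see what format its first 4 octets indicate.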
