Snort mailing list archives
barnyard problem
From: Jasmine CHUA <Jasmine.Chua () internationalsos com>
Date: Fri, 28 May 2004 18:02:52 +0800
Hi all,

barnyard works at first, but stopped working the next time I started it. It's supposed to create a waldo file by itself but it didn't. Below is the strace output. I am using barnyard-1.0. Anyone encountering the same problem?

write(2, "Loading Data Processors...\n", 27Loading Data Processors... ) = 27
write(2, "dp_alert loaded\n", 16dp_alert loaded ) = 16
write(2, "dp_log loaded\n", 14dp_log loaded ) = 14
write(2, "dp_stream_stat loaded\n", 22dp_stream_stat loaded ) = 22
write(2, "Loading Built-in Output Plugins."..., 35Loading Built-in Output Plugins... ) = 35
write(2, "Fast Alert plugin initialized\n", 30Fast Alert plugin initialized ) = 30
write(2, "AlertSyslog initialized\n", 24AlertSyslog initialized ) = 24
write(2, "Log Dump plugin initialized\n", 28Log Dump plugin initialized ) = 28
write(2, "LogPcap initialized\n", 20LogPcap initialized ) = 20
write(2, "AcidDb output plugin initialized"..., 33AcidDb output plugin initialized ) = 33
write(2, "Sguil output plugin initialized\n", 32Sguil output plugin initialized ) = 32
write(2, "AlertCSV initialized\n", 21AlertCSV initialized ) = 21
write(2, "Parsing Config file: /etc/snort/"..., 46Parsing Config file: /etc/snort/barnyard.conf ) = 46
open("/etc/snort/barnyard.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=6021, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "#-------------------------------"..., 4096) = 4096
read(3, " - ICMP type (if ICMP)\n# dp"..., 4096) = 1925
time([1085737682]) = 1085737682
open("/etc/localtime", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=56, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40017000
read(4, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\1\0"..., 4096) = 56
close(4) = 0
munmap(0x40017000, 4096) = 0
rt_sigaction(SIGPIPE, {0x4013b500, [], SA_RESTORER, 0x400925d8}, {SIG_DFL}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_UNIX, path="/dev/log"}, 16) = -1 EPROTOTYPE (Protocol wrong type for socket)
close(4) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
send(4, "<29>May 28 09:48:02 barnyard: Ar"..., 165, 0) = 165
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40016000, 4096) = 0
open("/snort_data/barnyard.waldo", O_RDONLY) = -1 ENOENT (No such file or directory)
time([1085737682]) = 1085737682
rt_sigaction(SIGPIPE, {0x4013b500, [], SA_RESTORER, 0x400925d8}, {SIG_DFL}, 8) = 0
send(4, "<29>May 28 09:48:02 barnyard: In"..., 56, 0) = 56
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
fork() = 11156
--- SIGCHLD (Child exited) @ 0 (0) ---
munmap(0x40015000, 4096) = 0
exit_group(0) = ?