Snort mailing list archives

Re: Barnyard not Updating MySQL


From: "Someone.you dont.like" <maps.this.address () gmail com>
Date: Sun, 28 Aug 2005 12:08:17 -0400

The waldo.file was indeed the culprit. I removed it and restarted
Barnyard; from what you said on IRC and I'm quoting,

"
jesler> barnyard has to process the file and remember where it is at.
jesler> so it won't create/update a waldo file until it gets done processing the unified file.
"

I believe a while back when I ran Barnyard with the waldo.file option, the
ASCII format alert/log files had the same name as the unified format files
(specified in snort.conf), my first mistake. Second, when I ran
Barnyard and didn't see waldo.file, I created one myself from the
command line rather than letting Barnyard generate one, because Barnyard, as
you said, was processing the unified file for a while and I wasn't
patient enough to wait around.

So my suggestion for others is: change the alert/log names of the unified
format files in snort.conf to be different from your old
alert/log files in other formats (csv, ascii...).

output alert_unified: filename snort-unified.alert, limit 128...

And make sure after initiating Barnyard, the waldo.file is processing
the correct unified log file. So if snort-unified.alert.11235645856 is
the log file being written to by Snort, make sure it is the same file
in your waldo.file. And last but not least, give Barnyard a chance to
create the waldo file.

Thank you J. Esler
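
The check suggested in the message above (that the waldo file names the unified file Snort is currently writing), as an added example that is not part of the original post or of Barnyard. It assumes the waldo file is four text lines (spool directory, file base, timestamp, record number); the function names, return codes and demo timestamps are constructed for illustration.

```shell
#!/bin/sh
# Assumed waldo layout: line 1 spool dir, line 2 file base,
# line 3 timestamp suffix, line 4 record number.

# Print the newest "<base>.<epoch>" file name in spool dir $1, or nothing.
newest_unified() {
    best=""
    for f in "$1/$2".*; do
        ts=${f##*.}
        # Skip non-numeric suffixes (and the unexpanded glob if nothing matches).
        case $ts in ''|*[!0-9]*) continue ;; esac
        if [ -z "$best" ] || [ "$ts" -gt "$best" ]; then best=$ts; fi
    done
    if [ -n "$best" ]; then printf '%s\n' "$2.$best"; fi
}

# check_waldo WALDO SPOOL_DIR FILE_BASE
#   0 = waldo names the newest unified file
#   1 = no waldo yet (Barnyard may still be processing; do not hand-create one)
#   2 = waldo names a different file (Barnyard is catching up, or the waldo is stale)
#   3 = no unified files with that base in the spool directory
check_waldo() {
    waldo=$1; dir=$2; base=$3
    newest=$(newest_unified "$dir" "$base")
    [ -n "$newest" ] || return 3
    [ -f "$waldo" ] || return 1
    tracked="$(sed -n 2p "$waldo").$(sed -n 3p "$waldo")"
    [ "$tracked" = "$newest" ] || return 2
    return 0
}

# Constructed demo: two rotated unified files and a waldo naming the older one.
demo() {
    d=$(mktemp -d)
    : > "$d/snort-unified.alert.1125244000"
    : > "$d/snort-unified.alert.1125245000"
    printf '%s\n' "$d" snort-unified.alert 1125244000 0 > "$d/waldo.file"
    rc=0
    check_waldo "$d/waldo.file" "$d" snort-unified.alert || rc=$?
    rm -rf "$d"
    echo "check_waldo returned $rc"
}
demo
```
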

