Re: Barnyard2 + snort

[Jason Wallace <jason.r.wallace () gmail com>]

What command line arguments are you starting it with? What version are
you using? In the current version there is a "bug" where you have to
specify a log directory even if you are not using an output method
that would require a log directory.

2010/3/25 Fábio Ferrão <ferrao04 () gmail com>:
> Dears,
> A question: I'm configuring the barnyard2 + snort_inline and I'm having some
> problems.
> My log file of barnyard aplication:
> *****BEGIN******
> Mar 24 17:50:19 maritaca barnyard2[26271]: Parsing rules files
> /usr/local/etc/barnyard2.conf
> Mar 24 17:50:19 maritaca barnyard2[26271]: Found reference-map config
> directive (../snort/reference.config)
> Mar 24 17:50:19 maritaca barnyard2[26271]: Found class-map config directive
> (../snort/classification.config)
> Mar 24 17:50:19 maritaca barnyard2[26271]: Found gen-msg-map config
> directive (../snort/gen-msg.map)
> Mar 24 17:50:19 maritaca barnyard2[26271]: Found sid-msg-map config
> directive (../snort/sid-msg.map)
> Mar 24 17:50:19 maritaca barnyard2[26271]: Found hostname config directive
> (maritaca)
> Mar 24 17:50:19 maritaca barnyard2[26271]: Found interface config directive
> (bge0)
> Mar 24 17:50:19 maritaca barnyard2[26271]: Generating maps
> Mar 24 17:50:19 maritaca barnyard2[26271]: Initializing daemon mode
> Mar 24 17:50:19 maritaca barnyard2[26272]: PID path stat checked out ok, PID
> path set to /var/run/
> Mar 24 17:50:19 maritaca barnyard2[26272]: Writing PID "26272" to file
> "/var/run//barnyard2_bge0.pid"
> Mar 24 17:50:19 maritaca barnyard2[26272]: Daemon initialized, signaled
> parent pid: 26271
> Mar 24 17:50:19 maritaca barnyard2[26271]: Daemon parent exiting
> Mar 24 17:50:19 maritaca barnyard2[26272]: Barnyard2 initialization
> completed successfully (pid=26272)
> Mar 24 17:50:19 maritaca barnyard2[26272]: ERROR: Unable to open directory
> '' (No such file or directory)
> Mar 24 17:50:19 maritaca barnyard2[26272]: ERROR: Unable to find the next
> spool file!
> Mar 24 17:50:19 maritaca barnyard2[26272]: Leaving due to signal ffffffff.
> Mar 24 17:50:19 maritaca barnyard2[26272]: Barnyard2 exiting
> *****END******
> I did understand these errors.
> The snort initialize with success, but barnyard2 not.
> Can somebody help me?
> Thanks.
> --
> Fábio Ferrão
>
> "E conhecereis a verdade e a verdade vos libertará".    João 8.32
> "And you will know the truth and the truth you will free".    John 8.32
>
> ------------------------------------------------------------------------------
> Download Intel&#174; Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users