Re: Strange happenings with BY2

[Tony Robinson <deusexmachina667 () gmail com>]

Okay,

-My script pulls BY2 via github as it has been suggested by a few folks who
use my script that this is the suggested method of getting barnyard2
updates, as opposed to pulling it from the securix website.

Here's what I get when I run barnyard2 with -v:
  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.13-BETA (Build 325)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy () securixlive com>


- The way my script installs barnyard 2 is that I configure the
barnyard2.conf file via sed-foo and tell it where to find the sid and
gen-msg.map, among other settings.
- I don't trust my sed-foo that much, so I use the -S and -G options to
tell barnyard2 where to find the sid and gen-msg.map files via the command
line as a Safety Net of sorts.
- In the past, there would be no conflict here; if the conf file said one
thing and the command line said another, the command line would win and
barnyard 2 would use the -S and -G arguments via the command line.
- With the copy of barnyard 2 I pulled via github, here's the errors I got:

Apr 13 13:25:53 Autosnort-VMPlayer barnyard2[1464]: FATAL ERROR: The sid
map file was included two times command line (-S)
[/usr/local/snort/etc/sid-msg.map] and in the configuration file (config
sid_map) [/usr/local/snort/etc/sid-msg.map].#012It only need to be defined
once.
Apr 13 13:29:39 Autosnort-VMPlayer barnyard2[1562]: FATAL ERROR: The gen
map file was included two times command line (-G)
[/usr/local/snort/etc/gen-msg.map] and in the configuration file (config
gen_map) [/usr/local/snort/etc/gen-msg.map].#012It only need to be defined
once.

- Okay, easy enough to understand: remove the args from the command line or
from the config file, don't specify them twice. So I removed the -S and -G
args and everything worked.. Updated my scripts, updated the init scripts I
made and everything is happy.
- The errors are verbose enough for me to understand what happened, I'm
just curious what prompted the change in how arguments are parsed/accepted
with BY2.

Thanks for the response.

p.s. This is very low priority, I managed to work around it well enough. If
you have anything of more importance, like say, enjoying your weekend, no
worries; I can wait.


On Sun, Apr 14, 2013 at 12:37 AM, beenph <beenph () gmail com> wrote:

> On Sun, Apr 14, 2013 at 12:21 AM, Tony Robinson
> <deusexmachina667 () gmail com> wrote:
> > Hey,
> >
> > I was just testing out some changes to my autosnort script and
> documenting
> > the install process and noticed that barnyard2 behaves a little bit
> > differently.
> >
> > It use to be that you could specify a directive via command line and via
> the
> > config file and the command line argument would win. Now it seems that if
> > you specify an argument in both places, BY2 just refuses to run. It
> throws a
> > fatal error stating that the argument cannot be specified in the config
> file
> > and on the command line.
> >
> > I took a look at the readme/changelog available via github, didn't really
> > find much regarding it. Has anyone else noticed this? Not that it truly
> > matters anymore; I just removed the offending options from the command
> line
> > and am about to commit the changes to the scripts regardless -- merely
> > curious.
>
> Hi Tony,
>
> Can you be more specific about which version you are using and which
> argument you are trying to run
> and what output you get and mabey its will be possible to
> assist/explain you further what is happening.
>
> Thank you.
>
> -elz



-- 
when does reality end? when does fantasy begin?

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!