Snort mailing list archives

Help with barnyard


From: "Chris Eidem" <jceidem () dexma com>
Date: Thu, 18 Oct 2001 11:12:38 -0500

Fellow snorters,

I'm trying to get barnyard to do _something_.  If I start snort thusly:
(pwd=/usr/local/snort)
snort -c ./snortuo.conf -i xl1

I get [snipped output]:
UnifiedAlertFilename = snort.alert
Opening /var/log/snort/1018 () 1050-snort log
923 Snort rules read...
923 Option Chains linked into 921 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.1-RELEASE (Build 74)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

and then run barnyard (again from /usr/local/snort)
barnyard -c ./barnyard.conf -s ./sid-msg.map -g ./gen-msg.map -d /var/log/snort -f snort.alert

I get:

   --== Initializing Barnyard ==--

-*> Barnyard! <*-
Version 0.1.0-beta4 (Build 5)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
and Andrew R. Baker (andrewb () uab edu)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
Parsing Config file: ./barnyard.conf

   --== Initialization Complete ==--

No Files found to read.  Exiting
Fatal Error, Quitting..
Exiting


No files found?  Even if I add the time stamp to the command above I get
the same thing.  This has got to be a stupid thing I'm missing when
trying to run this.  I mean I personally have stupid to spare, but what
detail have I skipped?

<pertinent info>
OpenBSD 2.8-stable

[snippage from snortuo.conf]

# unified: Snort unified binary format alerting and logging
# -------------------------------------------------------------
.
.
.
#
output alert_unified: snort.alert
output log_unified: snort.log

include /usr/local/snort/exploit.rules
include /usr/local/snort/scan.rules
.
.
.
include /usr/local/snort/local.rules

</pertinent info>


Chris Eidem                        Dexma, Inc.
Network Administrator              7701 York Av. S.
Phone: 952.229.1311                Edina, MN 55435
