Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Duplicate classification, barnyard HUP

From: Michael Scheidell <scheidell () secnap net>
Date: Fri, 11 Oct 2002 08:11:20 -0400 (EDT)
I know that barnyard rc4 is due out soon, and great work by the way!

One more thing thast I have been meaning to document, I just updated
sid-msg.map and HUPed baryard, and syslog shows a lot of lines like this:

Oct 11 08:04:51 [internal] barnyard: WARNING
/etc/snort/classification.config(132): Duplicate classification
"default-login-attempt"found, ignoring this line
Oct 11 08:04:51 [internal] barnyard: Barnyard Version 0.1.0-rc3 (Build 11)
started

It seems that on a HUP, the classification fils are opened twice.

It may be due to the directly spefified -g and -s options on command line
during startup?

anyone HUP barnyard and look at syslog output?

/usr/local/bin/barnyard -c /etc/snort/barnyard.conf \
 -d /var/log/snort -t /var/log/snort -f log -L /var/log/snort \
-w /var/log/snort/waldo.log -a /var/log/snort/tmp \
-g /etc/snort/rules/gen-msg.map -s /etc/snort/rules/sid-msg.map
-- 
Michael Scheidell
SECNAP Network Security
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: