Snort mailing list archives
Duplicate classification, barnyard HUP
From: Michael Scheidell <scheidell () secnap net>
Date: Fri, 11 Oct 2002 08:11:20 -0400 (EDT)
I know that barnyard rc4 is due out soon, and great work by the way! One more thing thast I have been meaning to document, I just updated sid-msg.map and HUPed baryard, and syslog shows a lot of lines like this: Oct 11 08:04:51 [internal] barnyard: WARNING /etc/snort/classification.config(132): Duplicate classification "default-login-attempt"found, ignoring this line Oct 11 08:04:51 [internal] barnyard: Barnyard Version 0.1.0-rc3 (Build 11) started It seems that on a HUP, the classification fils are opened twice. It may be due to the directly spefified -g and -s options on command line during startup? anyone HUP barnyard and look at syslog output? /usr/local/bin/barnyard -c /etc/snort/barnyard.conf \ -d /var/log/snort -t /var/log/snort -f log -L /var/log/snort \ -w /var/log/snort/waldo.log -a /var/log/snort/tmp \ -g /etc/snort/rules/gen-msg.map -s /etc/snort/rules/sid-msg.map -- Michael Scheidell SECNAP Network Security Sales: 866-SECNAPNET / (1-866-732-6276) Main: 561-368-9561 / www.secnap.net Looking for a career in Internet security? http://www.secnap.net/employment/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Duplicate classification, barnyard HUP Michael Scheidell (Oct 11)