RE: Barnyard run problems

[tforeman () ibsys com]

> > On Wed, 11 Jun 2003 tforeman () ibsys com wrote:
> >
> > > I have installed barnyard and am trying to get it to run.
> > >
> > > RH 8.0 Kernel: 2.4.20-13.7smp
> >
> > [...snip...]
> >
> > > > ERROR => No input plugin found for magic: a1b2c3d4
> >
> > [...snip...]
> >
> > It's 'endian-ness'.  The unified data was written on bigendian box
> > (sparc) and is being processed on a little endian box 
> (i386)--Or vice
> > versa.
> >
> > Change it to use the same kind of boxes and you're good to go.
>
> What Erek said would cause this problem, but I think that there is a
> more likely explaination.
>
> You are feeding Barnyard and snort pcap output file.  
> Barnyard subsists
> exclusively on a diet of snort unified output files.
>
> See the output unified section of snort.conf
>
> -steve

Steve hits the nail on the head. I had not changed the snort.conf
file to output unified files. Nicholas Delo also sent me the same
suggestion directly.

Thanks to all for the speedy responses!

--
Timothy W. Foreman   ~   System Administrator   ~   tforeman () ibsys com
Internet Broadcasting Systems ~ (651) 365-4181 ~ http://www.ibsys.com/
--
       I am Dyslexic of Borg. -  Resistors are fertile.
            Prepare to have your ass laminated.


-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users