Snort mailing list archives

Re: Help with barnyard.

From: "Andrew R. Baker" <andrewb () snort org>
Date: Wed, 08 Oct 2003 11:35:16 -0400

Chhabria, Kavita - Apogent wrote:

Hello everyone:
I am trying to configure barnyard-0.1.0 to work with snort-2.0.1 and I am
getting an error message saying "Unable to open spool file....Exiting" when
I run barnyard.
I start barnyard at the command line using the following command-line
options:
barnyard -c /root/barnyard-0.1.0/etc/barnyard.conf -d /var/log/snort \
-f unified_snort.log.1065623999 -L /var/log/barnyard \
-g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map
When I look at the /var/log/snort directory, there is a file called
unified_snort.log.1065623999.  So, anyone, please tell me what possibly can
be the cause of the above error message.
Also, to let everyone know I have configured the snort.conf file to have the
following line
output log_unified: filename unified_snort.log, limit 128Anyone have any ideas or thoughts or suggestions?

You need to either remove the ".1065623999" extension from the "-f"argument (for continual spool processing) or add the "-o" command lineswitch to tell Barnyard to only read the one file.


-A



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Help with barnyard. Chhabria, Kavita - Apogent (Oct 08)
- Re: Help with barnyard. Andrew R. Baker (Oct 08)