Snort mailing list archives

Re: sguil and barnyard errors


From: Bamm Visscher <bamm () satx rr com>
Date: Wed, 8 Oct 2003 11:37:00 -0500

For some reason, the op_sguil plugin didn't get compiled into barnyard. Try a `make distclean` from your barnyard src 
root and follow the instructions again.  BTW, which instructions are you using?

FYI: You can post sguil questions to sguil-users and sguil-devel.

Bamm

On Wed, Oct 08, 2003 at 09:55:59AM -0600, Kerry Cox wrote:
Not exactly Snort-related, but I thought I'd throw this out. 
I'm trying to get sguil to run on a Red Hat 9 machine with the latest
patches and kernel.
Just want to try it out for management. I have been following the
instructions for configuring barnyard including modifying the
op_plugbase.c and Makefile. It appears to compile fine. But when I run
barnyard, here is what I see:

# barnyard -c /usr/local/etc/snort/barnyard.conf -d /usr/local/etc/snort
-g /usr/local/etc/snort/gen-msg.map -s /usr/local/etc/snort/sid-msg.map
-f snort.log -w /usr/local/etc/snort/waldo.file

-*> Barnyard! <*-
Version 0.1.0 (Build 17)
By Andrew R. Baker (andrewb () snort org)
and Martin Roesch (roesch () sourcefire com, www.snort.org)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AlertCSV initialized
Parsing Config file: /usr/local/etc/snort/barnyard.conf
WARNING /usr/local/etc/snort/barnyard.conf(158) => Unknown output plugin
"sguil" referenced, ignoring!Barnyard Version 0.1.0 (Build 17) started
Unable to open spool file
Exiting

This is what I have in my barnyard.conf file. I have removed all
comments for the sake of space. 


config hostname: localhost
config interface: eth0
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
output alert_fast
output log_dump
output sguil: mysql, sensor_id 0, database sguildb, server localhost,
user root, password *****, sguild_host localhost, sguild_port 7736

Please forgive my ignorance of barnyard, but I'm working on it. If
anyone has any ideas, I'd be interested in hearing them.
Thanks.
KJ


-- 
Kerry Cox <kerry.cox () ksl com>
KSL Radio and Television
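
An added example, not part of the original thread or of barnyard itself: a small pre-flight check that scans barnyard's startup output for the "Unknown output plugin ... ignoring!" warning, so a build without the sguil output plugin is caught before the sensor runs with that output silently dropped. The function names are this example's own, and the sample text is constructed from the output quoted in the message above.

```python
import re

# Constructed sample: startup output as quoted in the message above, including
# the warning that runs straight into the next message without a newline.
SAMPLE_OUTPUT = '''Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AlertCSV initialized
Parsing Config file: /usr/local/etc/snort/barnyard.conf
WARNING /usr/local/etc/snort/barnyard.conf(158) => Unknown output plugin
"sguil" referenced, ignoring!Barnyard Version 0.1.0 (Build 17) started
Unable to open spool file
Exiting
'''

# \s+ between tokens tolerates hard line wraps; nothing is anchored to the end
# of a line because the next message can follow "ignoring!" directly.
UNKNOWN_PLUGIN = re.compile(
    r'WARNING\s+(?P<conf>\S+)\((?P<line>\d+)\)\s+=>\s+'
    r'Unknown\s+output\s+plugin\s+"(?P<plugin>[^"]+)"\s+referenced,\s+ignoring!'
)


def ignored_outputs(startup_text):
    """Return (conf_path, line_number, plugin_name) for each ignored output."""
    return [(m.group('conf'), int(m.group('line')), m.group('plugin'))
            for m in UNKNOWN_PLUGIN.finditer(startup_text)]


def preflight(startup_text):
    """Return a list of problems; an empty list means the startup looks clean."""
    problems = [f'{conf}:{line}: output plugin "{name}" is unknown to this build'
                for conf, line, name in ignored_outputs(startup_text)]
    if 'Unable to open spool file' in startup_text:
        problems.append('spool file could not be opened')
    return problems


if __name__ == '__main__':
    for problem in preflight(SAMPLE_OUTPUT):
        print(problem)
```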



