Snort mailing list archives

Snort, Barnyard, webmin issues


From: Kevin Smith <kjsmith () tm net>
Date: Fri, 02 Dec 2005 13:50:30 -0500

Hey everyone,

I know this problem is something to do with webmin, but I figured someone here may have seen this error before.

I'm setting up snort (Version 2.4.3 (Build 26)) with barnyard (Version 0.2.0 (Build 32)) and logging to a mysql database on a Fedora Core 4 system. Snort is configured to log to tcpdump logs that barnyard will read into the DB.

When I run the commands below (without -D of course), everything works fine. Even with the -D so of course there is no error shown. Now, in webmin under the snort module, I have the same command for snort under "full path to snort executable (with options)" under the module configuration as I do below for snort. Snort starts without any problems but it doesn't generate tcpdump logs, and when I start barnyard, which I do manually, I get this error if I take the -D option off.

Barnyard Version 0.2.0 (Build 32)
Opened spool file '/var/log/snort/snort.log.1133542635'
ERROR: No input plugin found for magic: a1b2c3d4
Fatal Error, Quitting..
Exiting

My question is, is there a reason why the command from the prompt will start logging correctly but from webmin the same command will not? Has anyone seen this error before? I know it is because the tcpdump log files are not being generated, but I can't seem to figure out why it is not generating the files. Any ideas or suggestions would be great.

Thanks,
Kevin

Here are the commands and configuration settings.


Here is the output config from snort:
output log_tcpdump: tcpdump.log
output log_unified: filename /var/log/snort/snort.log, limit 128

Command for barnyard to start:
barnyard -c /usr/src/barnyard-0.2.0/etc/barnyard.conf -d /var/log/snort -a /var/log/snort-archive -f snort.log -w /var/log/snort/waldo -s /etc/snort/sid-msg.map -g /etc/snort/gen-msg.map -p /etc/snort/classification.config -D

Command to start snort:
/usr/sbin/snort -u snort -g snort -d -C -c /etc/snort/snort.conf -A fast -D
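
Added example (not part of the original post, and not Snort or Barnyard code): a small Python check of the four-byte magic at the start of each spool file, which is the value Barnyard prints in the error above. a1b2c3d4 is the libpcap/tcpdump file magic; the unified log and alert magics used here (0xdead1080, 0xdead4137) are the values from Snort 2.x's unified output plugin, and the function names are this example's own.

```python
import struct
import sys
from pathlib import Path

# Magic numbers: first 32-bit word of the file, written in host byte order.
PCAP_MAGIC = 0xA1B2C3D4           # libpcap/tcpdump capture, as in the error above
UNIFIED_LOG_MAGIC = 0xDEAD1080    # Snort unified log file
UNIFIED_ALERT_MAGIC = 0xDEAD4137  # Snort unified alert file

KNOWN = {
    PCAP_MAGIC: "pcap (tcpdump format)",
    UNIFIED_LOG_MAGIC: "snort unified log",
    UNIFIED_ALERT_MAGIC: "snort unified alert",
}

def classify(header: bytes) -> str:
    """Name the format of a spool file from its first four bytes."""
    if len(header) < 4:
        return "too short"
    for order in ("<", ">"):  # the writer may be little- or big-endian
        (magic,) = struct.unpack(order + "I", header[:4])
        if magic in KNOWN:
            return KNOWN[magic]
    return "unknown magic " + header[:4].hex()

def scan(spool_dir: str, prefix: str) -> dict:
    """Classify every file in spool_dir whose name starts with prefix."""
    results = {}
    for path in sorted(Path(spool_dir).glob(prefix + "*")):
        if path.is_file():
            with path.open("rb") as fh:
                results[path.name] = classify(fh.read(4))
    return results

if __name__ == "__main__":
    # Defaults mirror the -d and -f values on the barnyard command line above.
    spool_dir = sys.argv[1] if len(sys.argv) > 1 else "/var/log/snort"
    prefix = sys.argv[2] if len(sys.argv) > 2 else "snort.log"
    for name, kind in scan(spool_dir, prefix).items():
        print(f"{name}: {kind}")
```

Running it against the spool directory shows, per file, whether a snort.log.<timestamp> file was written in tcpdump format or in unified format.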




