Re: [Barnyard-users] " No input plugin found for magic: a1b2c3d4" Issue

[Joel Esler <joel.esler () mac com>]

http://nsmwiki.org/Sguil_FAQ#Barnyard_says_.22No_input_plugin_found.22.

J

On May 7, 2008, at 3:33 PM, Rachmat Hidayat Al-Anshar wrote:

> In a last 2 day, i try to find out why did this happen and try to  
> find the solution. I still didn't make it. I have no idea, why  
> barnyard still didn't working. Barnyard always say that it  
> can't find any input plugin. I never find this kind of problem  
> on linux based os. I beg for a help :-(. Could anyone who has  
> successfully applying barnyard to share your experience with me.
>
> Regard.
> Matt
>
> Rachmat Hidayat Al-Anshar wrote:
> > I try to installing snort-2.8.0.1 on OpenBSD-4.2, before that, I  
> > try to patching it with snortsam's patch diff file  
> > (snortsam-2.8.0.1.diff). There is nothing to problem at all when I  
> > have to compiling and installing Snort. But I got this following  
> > error when issuing "make" to installing Barnyard: ProgVars.c: In  
> > function `ProgVars_Fprintf': ProgVars.c:672: warning: long unsigned  
> > int format, time_t arg (arg 3) gcc  -g -O2 -Wall -L/usr/local/lib/ 
> > mysql/ -o barnyard  barnyard.o mstring.o strlcatu.o strlcpyu.o  
> > util.o  spool.o sid.o debug.o classification.o CommandLineArgs.o  
> > ConfigFile.o  ProgVars.o output-plugins/libop.a input-plugins/ 
> > libdp.a -lz -lssl -lmysqlclient /usr/local/lib/mysql// 
> > libmysqlclient.so.18.0: warning: strcpy() is almost always misused,  
> > please use strlcpy() output-plugins/libop.a(op_sguil.o)(.text 
> > +0xea): In function `OpSguil_Start': /etc/barnyard/src/output- 
> > plugins/op_sguil.c:220: warning: sprintf() is often misused,
> > please use snprintf() output-plugins/libop.a(op_sguil.o)(.text 
> > +0x4da): In function `OpSguil_Log': /etc/barnyard/src/output- 
> > plugins/op_sguil.c:366: warning: strcat() is almost always misused,  
> > please use strlcat() I try to continue the process with hope there  
> > is nothing wrong with barnyard processing the snort's unified file.  
> > But lately I know that I was wrong... Barnyard produce this  
> > messages # tail /var/log/messages May  7 09:01:00 snort barnyard:  
> > No bookmark file found, processing all events May  7 09:01:03 snort  
> > barnyard[10430]: Initializing daemon mode May  7 09:01:03 snort  
> > barnyard[23654]: Opened spool file '/var/log/snort//snort.log. 
> > 1210120583' May  7 09:01:03 snort barnyard[23654]: FATAL ERROR:  
> > ERROR: No input plugin found for magic: a1b2c3d4 May  7 09:01:03  
> > snort barnyard[23654]: Exiting when I try to running it with: # / 
> > usr/local/bin/barnyard \ -c /etc/snort/barnyard.conf
> > \ -d /var/log/snort/ \ -L /var/log/snort/ \ -s /etc/snort/sid- 
> > msg.map \ -g /etc/snort/gen-msg.map \ -p /etc/snort/ 
> > classification.config \ -a /var/log/snort/archive/ \ -f snort.log \  
> > -w /var/log/snort/barnyard.waldo \ -X /var/run/barnyard.pid \ -D  
> > Now, what should I do? Thanks in advance Regard Matt
> >      Be a better friend, newshound, and
> > know-it-all with Yahoo! Mobile.  Try it now.
>
>
>
>       
> ____________________________________________________________________________________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save  
> $100.
> Use priority code J8TL2D2.
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Joel Esler
  joel.esler () mac com
  http://blog.joelesler.net





-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users