Snort mailing list archives
Re: gen-msg.map is missing! What to do? Where to get it?
From: Andrew Shagayev <drewshg () gmail com>
Date: Wed, 11 Mar 2015 13:33:22 -0700
Thank you for your reply! I'm using OS X 10.10.2. Snort was installed from Homebrew (so I believe that means from a package).

I've downloaded it from that link (https://www.snort.org/configurations) and now I'm getting this:

########################################################
$ barnyard2 -c /etc/barnyard2.conf -f merged.log -d /var/log/snort
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/barnyard2.conf"

+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048]
ERROR: Can not get write access to logging directory "/var/log/barnyard2".
(directory doesn't exist or permissions are set incorrectly or it is not a directory at all)
Fatal Error, Quitting..
Barnyard2 exiting ...
#######################################################

The permissions on "/var/log/barnyard2" are 755 (drwxr-xr-x 2 root wheel 68B barnyard2/).

So I've done this with sudo:

########################################################
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/barnyard2.conf"

+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/barnyard2
INFO database: Defaulting Reconnect/Transaction Error limit to 10
INFO database: Defaulting Reconnect sleep time to 5 second
database: compiled support for (postgresql)
database: configured to use postgresql
database: schema version = 107
database: host = localhost
database: user = snort
database: database name = snort
database: sensor name = drew-sh.server:eth0
database: sensor id = 1
database: sensor cid = 1
database: data encoding = hex
database: detail level = full
database: ignore_bpf = no
database: using the "log" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.14 (Build 336)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy () securixlive com>

WARNING: Unable to open waldo file '/var/log/barnyard2/waldo' (No such file or directory)
Opened spool file '/var/log/snort/merged.log.1425761696'
Closing spool file '/var/log/snort/merged.log.1425761696'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425763545'
Closing spool file '/var/log/snort/merged.log.1425763545'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425767870'
Closing spool file '/var/log/snort/merged.log.1425767870'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425767999'
Closing spool file '/var/log/snort/merged.log.1425767999'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425777240'
Closing spool file '/var/log/snort/merged.log.1425777240'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425777980'
Closing spool file '/var/log/snort/merged.log.1425777980'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425778034'
Closing spool file '/var/log/snort/merged.log.1425778034'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425965873'
Closing spool file '/var/log/snort/merged.log.1425965873'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425967054'
Closing spool file '/var/log/snort/merged.log.1425967054'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425967076'
Closing spool file '/var/log/snort/merged.log.1425967076'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1426003439'
Waiting for new data ...
#######################################################

So there is no waldo file for some reason((( Any ideas?

2015-03-11 13:11 GMT-07:00 Y M <snort () outlook com>:
Was Snort installed from a package or source? If from source, then this file exists under /etc after you untar the source. Verify first that the file does not exist in a different directory. If still not found, you can download it from here: https://www.snort.org/configurations

------------------------------
Date: Wed, 11 Mar 2015 13:04:09 -0700
From: drewshg () gmail com
To: snort-users () lists sourceforge net
Subject: [Snort-users] gen-msg.map is missing! What to do? Where to get it?

Hi guys!

When running:

$ barnyard2 -c /etc/barnyard2.conf -f merged.log -d /var/log/snort
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/barnyard2.conf"

+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such file or directory
ERROR: [Barnyard2Init()], failed while processing [/etc/snort/gen-msg.map]
Fatal Error, Quitting..
Barnyard2 exiting ...

Where can I find this file? Please help me to solve this problem?

-- A.S.
-- A.S.