Snort mailing list archives
Re: gen-msg.map is missing! What to do? Where to get it?
From: Y M <snort () outlook com>
Date: Wed, 11 Mar 2015 20:37:39 +0000
Date: Wed, 11 Mar 2015 13:33:22 -0700
Subject: Re: [Snort-users] gen-msg.map is missing! What to do? Where to get it?
From: drewshg () gmail com
To: snort () outlook com; snort-users () lists sourceforge net

Thank you for your reply!

I'm using OS X 10.10.2.
Snort was installed from Homebrew (so I believe that means from package).

I've downloaded it from that link (https://www.snort.org/configurations) and now I'm getting this:

########################################################
$ barnyard2 -c /etc/barnyard2.conf -f merged.log -d /var/log/snort
Running in Continuous mode
--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/barnyard2.conf"
+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+
Barnyard2 spooler: Event cache size set to [2048]
ERROR: Can not get write access to logging directory "/var/log/barnyard2".
(directory doesn't exist or permissions are set incorrectly or it is not a directory at all)
Fatal Error, Quitting..
Barnyard2 exiting ...
#######################################################

The permissions on "/var/log/barnyard2" are 755 (drwxr-xr-x 2 root wheel 68B barnyard2/).

So I've done this with sudo:

########################################################
Running in Continuous mode
--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/barnyard2.conf"
+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+
Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/barnyard2
INFO database: Defaulting Reconnect/Transaction Error limit to 10
INFO database: Defaulting Reconnect sleep time to 5 second
database: compiled support for (postgresql)
database: configured to use postgresql
database: schema version = 107
database: host = localhost
database: user = snort
database: database name = snort
database: sensor name = drew-sh.server:eth0
database: sensor id = 1
database: sensor cid = 1
database: data encoding = hex
database: detail level = full
database: ignore_bpf = no
database: using the "log" facility
--== Initialization Complete ==--
  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.14 (Build 336)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy () securixlive com>
WARNING: Unable to open waldo file '/var/log/barnyard2/waldo' (No such file or directory)
Opened spool file '/var/log/snort/merged.log.1425761696'
Closing spool file '/var/log/snort/merged.log.1425761696'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425763545'
Closing spool file '/var/log/snort/merged.log.1425763545'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425767870'
Closing spool file '/var/log/snort/merged.log.1425767870'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425767999'
Closing spool file '/var/log/snort/merged.log.1425767999'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425777240'
Closing spool file '/var/log/snort/merged.log.1425777240'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425777980'
Closing spool file '/var/log/snort/merged.log.1425777980'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425778034'
Closing spool file '/var/log/snort/merged.log.1425778034'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425965873'
Closing spool file '/var/log/snort/merged.log.1425965873'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425967054'
Closing spool file '/var/log/snort/merged.log.1425967054'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1425967076'
Closing spool file '/var/log/snort/merged.log.1425967076'. Read 0 records
Opened spool file '/var/log/snort/merged.log.1426003439'
Waiting for new data ...
#######################################################

So there is no waldo file for some reason(((
Any ideas?

# The above consecutive messages indicate that Barnyard2 is working on reading existing logs generated by Snort. As you can see, logs seem to be empty. As for the waldo file, Barnyard2 will create it for you; the message at the top is just a warning.

2015-03-11 13:11 GMT-07:00 Y M <snort () outlook com>:

Was Snort installed from a package or source? If from source, then this file exists under /etc after you untar the source. Verify first that the file does not exist in a different directory. If still not found, you can download it from here: https://www.snort.org/configurations

Date: Wed, 11 Mar 2015 13:04:09 -0700
From: drewshg () gmail com
To: snort-users () lists sourceforge net
Subject: [Snort-users] gen-msg.map is missing! What to do? Where to get it?

Hi guys!

When running:

$ barnyard2 -c /etc/barnyard2.conf -f merged.log -d /var/log/snort
Running in Continuous mode
--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/barnyard2.conf"
+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+
ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such file or directory
ERROR: [Barnyard2Init()], failed while processing [/etc/snort/gen-msg.map]
Fatal Error, Quitting..
Barnyard2 exiting...

Where can I find this file? Please help me to solve this problem?

--
A.S.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

--
A.S.
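
A preflight check for the conditions reported in this thread (unreadable gen-msg.map, unwritable log directory, absent waldo file, empty spool files), added here as an example; it is not part of the original messages or of Barnyard2. It assumes the `config gen_file:`, `sid_file:`, `logdir:` and `waldo_file:` directives of barnyard2.conf; the function names are hypothetical, and the default log directory and waldo path are the ones shown in the output above.

```shell
#!/bin/sh
# Added example (not from the thread). Usage after sourcing this file:
#   by2_preflight /etc/barnyard2.conf /var/log/snort merged.log

# Print the value of the last uncommented "config KEY: VALUE" line in CONF.
by2_conf_value() {
    sed -n "s/^[[:space:]]*config[[:space:]]\{1,\}$2[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# by2_preflight CONF [SPOOL_DIR [SPOOL_BASE]]
# Prints one finding per line. Returns 1 if a map file is unreadable or the
# log directory is unwritable (the two fatal errors in the thread), else 0.
by2_preflight() {
    conf=$1 spool_dir=${2:-} spool_base=${3:-merged.log} problems=0

    # Map files: an unreadable gen_file aborted startup in the first message.
    for key in gen_file sid_file; do
        path=$(by2_conf_value "$conf" "$key")
        [ -n "$path" ] || continue
        if [ ! -r "$path" ]; then
            echo "MISSING $key $path"
            problems=1
        fi
    done

    # Log directory must exist and be writable by the invoking user.
    # Default below is the path from the thread's output (assumption).
    logdir=$(by2_conf_value "$conf" logdir)
    logdir=${logdir:-/var/log/barnyard2}
    if [ ! -d "$logdir" ] || [ ! -w "$logdir" ]; then
        echo "UNWRITABLE logdir $logdir"
        problems=1
    fi

    # Waldo bookmark: per the reply, absence is only a warning.
    waldo=$(by2_conf_value "$conf" waldo_file)
    waldo=${waldo:-$logdir/waldo}
    [ -e "$waldo" ] || echo "INFO waldo $waldo absent (created on first run)"

    # A zero-byte spool file can only yield "Read 0 records".
    if [ -n "$spool_dir" ]; then
        for f in "$spool_dir/$spool_base".*; do
            if [ -f "$f" ] && [ ! -s "$f" ]; then echo "EMPTY spool $f"; fi
        done
    fi
    return "$problems"
}
```

Running the check as the account Barnyard2 will use shows whether the log directory needs its ownership changed, which avoids running the spooler under sudo.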
Current thread:
- gen-msg.map is missing! What to do? Where to get it? Andrew Shagayev (Mar 11)
- Re: gen-msg.map is missing! What to do? Where to get it? Y M (Mar 11)
- Re: gen-msg.map is missing! What to do? Where to get it? Andrew Shagayev (Mar 11)
- Re: gen-msg.map is missing! What to do? Where to get it? Y M (Mar 11)
- Message not available
- Re: gen-msg.map is missing! What to do? Where to get it? Y M (Mar 11)
- Re: gen-msg.map is missing! What to do? Where to get it? Andrew Shagayev (Mar 11)
- Re: gen-msg.map is missing! What to do? Where to get it? Y M (Mar 11)