Snort mailing list archives

Re: Barnyard2 unable to start service

From: Pratibha Rajan <pratibha.nair12 () outlook com>
Date: Thu, 18 Aug 2016 07:45:13 +0530

Thanks for responding ; this is  the output I get after making the changes you suggested:

[root@tparheidsp001 init.d]# systemctl status barnyard2.service● barnyard2.service - SYSV: Barnyard2 is an output 
processor for snort.   Loaded: loaded (/etc/rc.d/init.d/barnyard2)   Active: failed (Result: resources) since Wed 
2016-08-17 22:08:19 EDT; 13s ago     Docs: man:systemd-sysv-generator(8)  Process: 10775 
ExecStart=/etc/rc.d/init.d/barnyard2 start (code=exited, status=0/SUCCESS)
Aug 17 22:08:19 tparheidsp001.enterprisenet.org barnyard2[10775]: --gen-msg <file>                  Same as -GAug 17 
22:08:19 tparheidsp001.enterprisenet.org barnyard2[10775]: --sid-msg <file>                  Same as -SAug 17 22:08:19 
tparheidsp001.enterprisenet.org barnyard2[10775]: --process-new-records-only        Same as -nAug 17 22:08:19 
tparheidsp001.enterprisenet.org barnyard2[10775]: --pid-path <dir>                  Specify the directory for the 
barnyard2 PID fileAug 17 22:08:19 tparheidsp001.enterprisenet.org barnyard2[10775]: --help                            
Same as -?Aug 17 22:08:19 tparheidsp001.enterprisenet.org barnyard2[10775]: --version                         Same as 
-VAug 17 22:08:19 tparheidsp001.enterprisenet.org barnyard2[10775]: --create-pidfile                  Create PID file, 
even when not in Daemon modeAug 17 22:08:19 tparheidsp001.enterprisenet.org barnyard2[10775]: --nolock-pidfile          
        Do not try to lock barnyard2 PID fileAug 17 22:08:19 tparheidsp001.enterprisenet.org barnyard2[10775]: [  OK  
]Aug 17 22:08:19 tparheidsp001.enterprisenet.org barnyard2[10775]: touch: cannot touch 
‘/var/lock/subsys//usr/local/bin/barnyard2’: No such file or directory

*********************************************************************************************
Continous mode seems to run fine:
******************************************************************************************

Aug 17 18:48:23 tparheidsp001 barnyard2: Barnyard2 spooler: Event cache size set to [2048]Aug 17 18:48:23 tparheidsp001 
barnyard2: Log directory = /var/log/snortAug 17 18:48:23 tparheidsp001 barnyard2: INFO database: Defaulting 
Reconnect/Transaction Error limit to 10Aug 17 18:48:23 tparheidsp001 barnyard2: INFO database: Defaulting Reconnect 
sleep time to 5 secondAug 17 18:48:23 tparheidsp001 barnyard2: Initializing daemon modeAug 17 18:48:23 tparheidsp001 
barnyard2: Daemon parent exitingAug 17 18:48:23 tparheidsp001 barnyard2: Daemon initialized, signaled parent pid: 
9927Aug 17 18:48:23 tparheidsp001 barnyard2: PID path stat checked out ok, PID path set to /var/run/Aug 17 18:48:23 
tparheidsp001 barnyard2: Writing PID "9936" to file "/var/run//barnyard2_ens192.pid"Aug 17 18:52:48 tparheidsp001 
barnyard2: [SignatureReferencePullDataStore()]: No Reference found in database ...Aug 17 18:52:48 tparheidsp001 
barnyard2: database: compiled support for (mysql)Aug 17 18:52:48 tparheidsp001 barnyard2: database: configured to use 
mysqlAug 17 18:52:48 tparheidsp001 barnyard2: database: schema version = 107Aug 17 18:52:48 tparheidsp001 barnyard2: 
database:           host = Aug 17 18:52:48 tparheidsp001 barnyard2: database:           user =Aug 17 18:52:48 
tparheidsp001 barnyard2: database:  database name = Aug 17 18:52:48 tparheidsp001 barnyard2: database:    sensor name = 
tparheidsp001:ensAug 17 18:52:48 tparheidsp001 barnyard2: database:      sensor id = 1Aug 17 18:52:48 tparheidsp001 
barnyard2: database:     sensor cid = 2Aug 17 18:52:48 tparheidsp001 barnyard2: database:  data encoding = hexAug 17 
18:52:48 tparheidsp001 barnyard2: database:   detail level = fullAug 17 18:52:48 tparheidsp001 barnyard2: database:     
ignore_bpf = noAug 17 18:52:48 tparheidsp001 barnyard2: database: using the "log" facilityAug 17 18:52:48 tparheidsp001 
barnyard2:Aug 17 18:52:48 tparheidsp001 barnyard2:        --== Initialization Complete ==--Aug 17 18:52:48 
tparheidsp001 barnyard2: Barnyard2 initialization completed successfully (pid=9936)Aug 17 18:52:48 tparheidsp001 
barnyard2: Using waldo file '/var/log/barnyard2/barnyard2.waldo':#012    spool directory = /var/log/snort#012    spool 
filebase  = snort.log#012    time_stamp      = 1471461503#012    record_idx      = 0Aug 17 18:52:48 tparheidsp001 
barnyard2: Opened spool file '/var/log/snort/snort.log.1471461503'Aug 17 18:52:48 tparheidsp001 barnyard2: Waiting for 
new dataThanks
Pratibha

To: snort-users () lists sourceforge net
From: wkitty42 () windstream net
Date: Wed, 17 Aug 2016 17:36:58 -0400
Subject: Re: [Snort-users] Barnyard2 unable to start service

On 08/17/2016 01:34 PM, Pratibha Rajan wrote:

Hi Bala,

Below is the output I get:

# which barnyard2
/usr/local/bin/barnyard2


that output might be what is needed in the "prog" variable in that script 
instead of just "barnyard2"...

find the line


prog="barnyard2"


and change it to


#prog="barnyard2"


then add another line right below it


prog="/usr/local/bin/barnyard2"


and see if that makes any difference... if it does not, remove the added line 
and the "#" to return to where you started...


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Barnyard2 unable to start service Pratibha Rajan (Aug 16)
- Re: Barnyard2 unable to start service Balasubramaniam Natarajan (Aug 17)
  - Re: Barnyard2 unable to start service Pratibha Rajan (Aug 17)
    - Re: Barnyard2 unable to start service Pratibha Rajan (Aug 17)
    - Re: Barnyard2 unable to start service Ian (Aug 19)
    - Re: Barnyard2 unable to start service Pratibha Rajan (Aug 19)
    - Re: Barnyard2 unable to start service wkitty42 (Aug 17)
    - Re: Barnyard2 unable to start service Pratibha Rajan (Aug 17)
    - Re: Barnyard2 unable to start service wkitty42 (Aug 18)
    - Re: Barnyard2 unable to start service Pratibha Rajan (Aug 18)
    - Re: Barnyard2 unable to start service wkitty42 (Aug 19)