Snort mailing list archives
Re: More barnyard woes
From: <bthaler () webstream net>
Date: Fri, 22 Feb 2002 12:33:35 -0500
Thanks, Chris. That got me sorted out. Unfortunately, I think barnyard's still way too beta for my needs.

Sincerely,
Brad T.

----- Original Message -----
From: "Chris Green" <cmg () uab edu>
To: <snort-users () lists sourceforge net>
Sent: Friday, February 22, 2002 11:24 AM
Subject: Re: [Snort-users] More barnyard woes

> [ please obey Reply-To: snort-users () lists sourceforge net ]
> <bthaler () webstream net> writes:
>
>> Barnyard experts:
>>
>> When I run:
>>   barnyard -f snort.log.1014392389
>> I get:
>>   No Files found to read. Exiting
>>   Fatal Error, Quitting.. Exiting
>
> Barnyard doesn't have the clearest usage documentation (my fault) nor
> the most intuitive command line (haven't seen a good recommendation).
>
> Barnyard acts as a daemon in the standard case and the -f is a file
> name filter:
>
>   barnyard -c /etc/snort/barnyard.conf \
>     -d /var/log/snort -g /etc/snort/gen-msg.map \
>     -s /etc/snort/sid-msg.map -f snort.log
>
> Note the -d pointing to /var/log/snort; that is the directory where
> snort logs will be dropped off and scanned constantly.
>
> The -f snort.log is a basename filter, so it looks for
> /var/log/snort/snort.log.* where the .* is the timestamp name of the
> file.
>
> -o is one shot mode and that's designed for someone testing out or
> batch processing something rather than scanning a directory
> constantly.
>
>> When I run:
>>   barnyard -o -f snort.log.1014392389
>> it seems to work. Am I doing something wrong? Any help is
>> appreciated.
>
> --
> Chris Green <cmg () uab edu>
> This is my signature. There are many like it but this one is mine.
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
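The directory-plus-basename matching described in the quoted reply, as an added example (not barnyard's code and not part of the original thread): it lists which files in a spool directory a given `-f` value would select, so a filter can be checked before the daemon is started. The function names, the constructed spool directory, and the rule that the suffix after the basename is purely numeric are assumptions made for illustration.

```shell
#!/bin/sh
# Model of the spool matching described in the reply (assumption, not taken
# from barnyard's source): a file is selected when its name is
# "<basename filter>.<numeric timestamp>" inside the -d directory.

# spool_matches DIR FILTER: print matching file names, oldest timestamp first.
spool_matches() {
    local dir="$1" filter="$2" path name stamp
    for path in "$dir"/"$filter".*; do
        [ -f "$path" ] || continue        # unmatched glob stays literal; skip it
        name=${path##*/}
        stamp=${name#"$filter".}
        case $stamp in
            ''|*[!0-9]*) continue ;;      # assumed: suffix is a Unix timestamp
        esac
        printf '%s %s\n' "$stamp" "$name"
    done | sort -n | cut -d' ' -f2
}

# count_matches DIR FILTER: number of files the filter would select.
count_matches() {
    spool_matches "$1" "$2" | wc -l | tr -d ' '
}

# make_demo_spool: build a constructed spool directory and print its path.
make_demo_spool() {
    local d
    d=$(mktemp -d)
    touch "$d/snort.log.1014392389" "$d/snort.log.1014395000" \
          "$d/snort.log.old" "$d/alert"
    printf '%s\n' "$d"
}

spool=$(make_demo_spool)
# Basename filter, as in the corrected command line: selects both log files.
echo "-f snort.log            -> $(count_matches "$spool" snort.log) file(s)"
# Full file name used as the filter: the pattern becomes
# snort.log.1014392389.* and selects nothing.
echo "-f snort.log.1014392389 -> $(count_matches "$spool" snort.log.1014392389) file(s)"
rm -rf "$spool"
```

Under this model, passing the complete file name as the filter leaves nothing for the directory scan to pick up, which is consistent with the "No Files found to read" output in the original question.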