Snort mailing list archives
Re: Help with barnyard.
From: "Andrew R. Baker" <andrewb () snort org>
Date: Wed, 08 Oct 2003 11:35:16 -0400
Chhabria, Kavita - Apogent wrote:
Hello everyone:I am trying to configure barnyard-0.1.0 to work with snort-2.0.1 and I amgetting an error message saying "Unable to open spool file....Exiting" when I run barnyard.I start barnyard at the command line using the following command-lineoptions:barnyard -c /root/barnyard-0.1.0/etc/barnyard.conf -d /var/log/snort \-f unified_snort.log.1065623999 -L /var/log/barnyard \ -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.mapWhen I look at the /var/log/snort directory, there is a file calledunified_snort.log.1065623999. So, anyone, please tell me what possibly can be the cause of the above error message.Also, to let everyone know I have configured the snort.conf file to have thefollowing lineoutput log_unified: filename unified_snort.log, limit 128 Anyone have any ideas or thoughts or suggestions?
You need to either remove the ".1065623999" extension from the "-f" argument (for continual spool processing) or add the "-o" command line switch to tell Barnyard to only read the one file.
-A ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Help with barnyard. Chhabria, Kavita - Apogent (Oct 08)
- Re: Help with barnyard. Andrew R. Baker (Oct 08)