Snort mailing list archives

Barnyard seems to do nothing


From: Iain Hallam <ccidsh () swarfega plus com>
Date: Wed, 05 Nov 2003 12:53:06 +0000

Hi.

I've got Snort 2.0.2 installed and working fine on my network - although it's looking for scans from $HOME_NET to catch local problems rather than preventing external problems. I decided that I'd like to process Snort's output more flexibly, so I compiled barnyard 0.1 and used "make install" to get it set up.

The command line I'm using for barnyard is:

/usr/bin/barnyard -c /etc/snort/barnyard.conf -d /var/log/snort \
  -g /etc/snort/rules/gen-msg.map -s /etc/snort/rules/sid-msg.map \
  -f alert -D

From the USAGE file I take this to mean that barnyard will work in continuous mode, but there never seems to be a barnyard process on the system after this runs - I just get:

-*> Barnyard! <*-
Version 0.1.0 (Build 17)
By Andrew R. Baker (andrewb () snort org)
and Martin Roesch (roesch () sourcefire com, www.snort.org)

Can anyone tell me what steps I should take from here to try to find out what's going on with barnyard, please?

Thanks,

Iain Hallam.

P.S.: Incidentally, my snort.conf has both alert_unified and log_unified output plugins enabled, but only snort.log appears in unified format.


