Snort mailing list archives

barnyard problem


From: Jasmine CHUA <Jasmine.Chua () internationalsos com>
Date: Fri, 28 May 2004 18:02:52 +0800

 
Hi all

barnyard worked at first, but stopped working the next time I started it. It's
supposed to create a waldo file by itself, but it didn't. Below is the strace
output.

I am using barnyard-1.0. 

Anyone encountering the same problem?  


write(2, "Loading Data Processors...\n", 27Loading Data Processors...
) = 27
write(2, "dp_alert loaded\n", 16dp_alert loaded
)       = 16
write(2, "dp_log loaded\n", 14dp_log loaded
)         = 14
write(2, "dp_stream_stat loaded\n", 22dp_stream_stat loaded
) = 22
write(2, "Loading Built-in Output Plugins."..., 35Loading Built-in Output Plugins...
) = 35
write(2, "Fast Alert plugin initialized\n", 30Fast Alert plugin initialized
) = 30
write(2, "AlertSyslog initialized\n", 24AlertSyslog initialized
) = 24
write(2, "Log Dump plugin initialized\n", 28Log Dump plugin initialized
) = 28
write(2, "LogPcap initialized\n", 20LogPcap initialized
)   = 20
write(2, "AcidDb output plugin initialized"..., 33AcidDb output plugin initialized
) = 33
write(2, "Sguil output plugin initialized\n", 32Sguil output plugin initialized
) = 32
write(2, "AlertCSV initialized\n", 21AlertCSV initialized
)  = 21
write(2, "Parsing Config file: /etc/snort/"..., 46Parsing Config file: /etc/snort/barnyard.conf
) = 46
open("/etc/snort/barnyard.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=6021, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "#-------------------------------"..., 4096) = 4096
read(3, "    - ICMP type (if ICMP)\n#   dp"..., 4096) = 1925
time([1085737682])                      = 1085737682
open("/etc/localtime", O_RDONLY)        = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=56, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40017000
read(4, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\1\0"..., 4096) = 56
close(4)                                = 0
munmap(0x40017000, 4096)                = 0
rt_sigaction(SIGPIPE, {0x4013b500, [], SA_RESTORER, 0x400925d8}, {SIG_DFL}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0)          = 4
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
connect(4, {sa_family=AF_UNIX, path="/dev/log"}, 16) = -1 EPROTOTYPE (Protocol wrong type for socket)
close(4)                                = 0
socket(PF_UNIX, SOCK_STREAM, 0)         = 4
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
connect(4, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
send(4, "<29>May 28 09:48:02 barnyard: Ar"..., 165, 0) = 165
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40016000, 4096)                = 0
open("/snort_data/barnyard.waldo", O_RDONLY) = -1 ENOENT (No such file or directory)
time([1085737682])                      = 1085737682
rt_sigaction(SIGPIPE, {0x4013b500, [], SA_RESTORER, 0x400925d8}, {SIG_DFL}, 8) = 0
send(4, "<29>May 28 09:48:02 barnyard: In"..., 56, 0) = 56
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
fork()                                  = 11156
--- SIGCHLD (Child exited) @ 0 (0) ---
munmap(0x40015000, 4096)                = 0
exit_group(0)                           = ?
