Snort mailing list archives

barnyard 2 localtime error (UNCLASSIFIED)


From: "Craig" <reswob10 () gmail com>
Date: Thu, 13 Aug 2009 12:49:45 -0400

Classification:  UNCLASSIFIED 
Caveats: NONE


Hi all, I'm building a new IDS, with Ubuntu server 9.04 (no GUI) and
barnyard 2.1.6 and Snort 2.8.4.1.   For the test build, I'm using a VM using
NAT.  Installed the server with the LAMP option.  Installed and configured
Snort, BASE, and barnyard.  Everything was working and going well (graphs,
alerts, etc) until I wanted to configure Barnyard to use localtime instead
of UTC.  Then, for some reason, barnyard wouldn't start.  Below is the
command I ran while troubleshooting and the output:

sudo /usr/local/bin/barnyard2 -T -u snort -g snort \
    -c /etc/snort/barnyard2.conf -G /etc/snort/gen-msg.map \
    -S /etc/snort/sid-msg.map -d /var/log/snort -f snort.u2 \
    -w /etc/snort/bylog.waldo

Running in Continuous mode with inferred config file:
/etc/snort/barnyard2.conf

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing rules files /etc/snort/barnyard2.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Unknown config directive: config localtime
Fatal Error, Quitting..

Here is the relevant part of my barnyard2.conf:

# Step 1: configure the variable declarations
# To keep from having a commandline that uses every letter in the alphabet
# most configuration options are set here

# enable daemon mode
#config daemon

# use localtime instead of UTC (*NOT* recommended because of timewarps)
config localtime

# set the appropriate paths to the file(s) your Snort process is using
config reference-map:   /etc/snort/reference.config
config class-map:           /etc/snort/classification.config
config gen-msg-map:     /etc/snort/gen-msg.map
config sid-msg-map:         /etc/snort/sid-msg.map


Searching on this error has so far produced no relevant hits, so I thought
I'd put a quick post to see if anyone else has seen this.....





Craig L. Bowser
CISSP           SANS GSEC (Gold)
-------------------------------
"Every election is a sort of advance auction sale of stolen goods." -- H. L.
Mencken 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net