Snort mailing list archives
Re: Barnyward not running properly
From: JJC <cummingsj () gmail com>
Date: Mon, 28 Jun 2010 10:37:53 -0600
1. What version of by2?
1. There was an earlier version that did have some bookmark file
issues.. pre 17 or 16 I think.
2. Do you have permissions to write / modify the by2 waldo file under the
context that you are running by?
3. Are you writing unified2 logs from snort?
4. Have you verified that you are generating events from snort?
5. Have you deleted all old unified logs if they existed?
6. Are you specifying the correct path to the unified2 files?
7. Do you have permissions to read the unified2 files?
8. Are you specifying the correct base filename pattern for the unified2
files?
JJC
On Mon, Jun 28, 2010 at 10:30 AM, Kun, Mike <mkun () akamai com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have Barnyard2 set up and configured to read Unified2 ad output to a mysql database. I can start barnyard2 just fine, but no data is written to the db. In the logs I see references to "waldo file missing or corrupt". I've deleted and touched a new waldo file, but still get the message. Has anyone see this issue before? - -Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with OutlookGnuPG v1.2.3667 iQEcBAEBAgAGBQJMKM4lAAoJEMhWEt1OJPG/xxYIAJDNKcldK/vsDraeEAfd/cVb 5DnxPXj5JRukVOEoUVuQGwNqh1vDJyLaOfajTYvij2eHWeLffan9i3/GHZywVUED u9FvgMYJTBleqyBcbgJxWqprIfVjpkxBIDB93x5zNVBe5EQeZ8T+L/0ZsMqd/EIq RzDqHyKVGGc63mA79PIIXF3mMvSvrP9gJdH5m/WB4meQaBIulj+jQ2/gjYqjbsVK kVuPvfE3/PJSutep9NduqLwsBRJH1Z1vIJDHPhPd7q3GfM5+5bUoN9KTD5qV/7bl M/0nOjJgaYFcZEwBvGyJDO1vmvIQIQ7s7IDdAkXAGYmToYVPwE8ZMKUtGazqW8E= =PS71 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Barnyward not running properly Kun, Mike (Jun 28)
- Re: Barnyward not running properly JJC (Jun 28)