Re: Using Barnyard2 with Snort

[James Lay <jlay () slave-tothe-box net>]

On 2015-06-26 11:00 AM, Farnsworth, Robert wrote:
> HI, James I know your busy but just wanted to reply so you don’t
> forget about this.
>
> Thanks
>
> Robert
>
> FROM: James Lay [mailto:jlay () slave-tothe-box net]
>  SENT: Wednesday, June 24, 2015 6:56 AM
>  TO: snort-users () lists sourceforge net
>  SUBJECT: Re: [Snort-users] Using Barnyard2 with Snort
>
> On Mon, 2015-06-22 at 12:37 +0000, Farnsworth, Robert wrote:
>
> > This is what I get running in verbose. I have attached my
> > barnyard2.conf file.
> >
> > [root@usolglwxoh004 jzcdc0]# /usr/local/bin/barnyard2 -v
> >
> > Running in Continuous mode
> >
> > --== Initializing Barnyard2 ==--
> >
> > Initializing Input Plugins!
> >
> > Initializing Output Plugins!
> >
> > Parsing config file "./barnyard2.conf"
> >
> > -----Original Message-----
> >
> > From: James Lay [mailto:jlay () slave-tothe-box net]
> >
> > Sent: Friday, June 19, 2015 5:08 PM
> >
> > To: Farnsworth, Robert
> >
> > Cc: snort-users () lists sourceforge net
> >
> > Subject: RE: [Snort-users] Using Barnyard2 with Snort
> >
> > On 2015-06-19 02:55 PM, Farnsworth, Robert wrote:
> >
> > > I cannot get Barnyard to run.
> >
> > >
> >
> > > It seems to die @ Parsing config file "/etc/snort/barnyard2.conf"
> >
> > >
> >
> > > -----Original Message-----
> >
> > > From: James Lay [mailto:jlay () slave-tothe-box net]
> >
> > > Sent: Friday, June 19, 2015 4:46 PM
> >
> > > To: snort-users () lists sourceforge net
> >
> > > Subject: Re: [Snort-users] Using Barnyard2 with Snort
> >
> > >
> >
> > > On 2015-06-19 11:57 AM, Farnsworth, Robert wrote:
> >
> > > > I realize this is off topic for SNORT, but does anybody know how
> > to
> >
> > > > get help with a barnyard2 config? I've tried the google group and
> > the
> >
> > > > e-mail fails.
> >
> > > >
> >
> > > > [root@anyhost] /usr/bin/barnyard2 -c /etc/snort/barnyard2.conf -d
> >
> >
> > > > /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo
> >
> > > >
> >
> > > > Running in Continuous mode
> >
> > > >
> >
> > > > --== Initializing Barnyard2 ==--
> >
> > > >
> >
> > > > Initializing Input Plugins!
> >
> > > >
> >
> > > > Initializing Output Plugins!
> >
> > > >
> >
> > > > Parsing config file "/etc/snort/barnyard2.conf"
> >
> > > >
> >
> > > > ______ -*> Barnyard2 <*-
> >
> > > >
> >
> > > > / ,,_ \ Version 2.1.13 (Build 327)
> >
> > > >
> >
> > > > |o" )~| By Ian Firns (SecurixLive): http://www.securixlive.com/
> > [1]
> >
> > > >
> >
> > > > + '''' + (C) Copyright 2008-2013 Ian Firns firnsy () securixlive com
> >
> > > >
> >
> > > > Thanks
> >
> > > >
> >
> > > > ROBERT L. FARNSWORTH
> >
> > You'll want to post your barnyard2.conf file as well as try and run
> > it with the -v option for verbose mode, then post the output of that
> > as well.
> >
> > James
> ------------------------------------------------------------------------------
> > Monitor 25 network devices or servers for free with OpManager!
> >
> > OpManager is web-based network management software that monitors
> >
> > network devices and physical & virtual servers, alerts via email &
> > sms
> >
> > for fault. Monitor 25 devices for free with no restriction. Download
> > now
> >
> > http://ad.doubleclick.net/ddm/clk/292181274;119417398;o [2]
> >
> > _______________________________________________
> >
> > Snort-users mailing list
> >
> > Snort-users () lists sourceforge net
> >
> > Go to this URL to change user options or unsubscribe:
> >
> > https://lists.sourceforge.net/lists/listinfo/snort-users [3]
> >
> > Snort-users list archive:
> >
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > [4]
> >
> > Please visit http://blog.snort.org [5] to stay current on all the
> > latest Snort news!
>
>  Haven't forgotten about this....I will try and look at this later
> today.
>
>  James
>
> Links:
> ------
> [1] http://www.securixlive.com/
> [2] http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
> [3] https://lists.sourceforge.net/lists/listinfo/snort-users
> [4] http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> [5] http://blog.snort.org
>
> ------------------------------------------------------------------------------
> Monitor 25 network devices or servers for free with OpManager!
> OpManager is web-based network management software that monitors
> network devices and physical & virtual servers, alerts via email & sms
> for fault. Monitor 25 devices for free with no restriction. Download 
> now
> http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest 
> Snort news!

Yea I'm on this...had to redo my install of snort on the dev box.  Will 
look with your config in a bit.

James

------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors 
network devices and physical & virtual servers, alerts via email & sms 
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!