Home page logo

snort logo Snort mailing list archives

Re: Strange happenings with BY2
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Sun, 14 Apr 2013 01:33:49 -0400


-My script pulls BY2 via github as it has been suggested by a few folks who
use my script that this is the suggested method of getting barnyard2
updates, as opposed to pulling it from the securix website.

Here's what I get when I run barnyard2 with -v:
  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.13-BETA (Build 325)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy () securixlive com>

- The way my script installs barnyard 2 is that I configure the
barnyard2.conf file via sed-foo and tell it where to find the sid and
gen-msg.map, among other settings.
- I don't trust my sed-foo that much, so I use the -S and -G options to
tell barnyard2 where to find the sid and gen-msg.map files via the command
line as a Safety Net of sorts.
- In the past, there would be no conflict here; if the conf file said one
thing and the command line said another, the command line would win and
barnyard 2 would use the -S and -G arguments via the command line.
- With the copy of barnyard 2 I pulled via github, here's the errors I got:

Apr 13 13:25:53 Autosnort-VMPlayer barnyard2[1464]: FATAL ERROR: The sid
map file was included two times command line (-S)
[/usr/local/snort/etc/sid-msg.map] and in the configuration file (config
sid_map) [/usr/local/snort/etc/sid-msg.map].#012It only need to be defined
Apr 13 13:29:39 Autosnort-VMPlayer barnyard2[1562]: FATAL ERROR: The gen
map file was included two times command line (-G)
[/usr/local/snort/etc/gen-msg.map] and in the configuration file (config
gen_map) [/usr/local/snort/etc/gen-msg.map].#012It only need to be defined

- Okay, easy enough to understand: remove the args from the command line or
from the config file, don't specify them twice. So I removed the -S and -G
args and everything worked.. Updated my scripts, updated the init scripts I
made and everything is happy.
- The errors are verbose enough for me to understand what happened, I'm
just curious what prompted the change in how arguments are parsed/accepted
with BY2.

Thanks for the response.

p.s. This is very low priority, I managed to work around it well enough. If
you have anything of more importance, like say, enjoying your weekend, no
worries; I can wait.

On Sun, Apr 14, 2013 at 12:37 AM, beenph <beenph () gmail com> wrote:

On Sun, Apr 14, 2013 at 12:21 AM, Tony Robinson
<deusexmachina667 () gmail com> wrote:

I was just testing out some changes to my autosnort script and
the install process and noticed that barnyard2 behaves a little bit

It use to be that you could specify a directive via command line and via
config file and the command line argument would win. Now it seems that if
you specify an argument in both places, BY2 just refuses to run. It
throws a
fatal error stating that the argument cannot be specified in the config
and on the command line.

I took a look at the readme/changelog available via github, didn't really
find much regarding it. Has anyone else noticed this? Not that it truly
matters anymore; I just removed the offending options from the command
and am about to commit the changes to the scripts regardless -- merely

Hi Tony,

Can you be more specific about which version you are using and which
argument you are trying to run
and what output you get and mabey its will be possible to
assist/explain you further what is happening.

Thank you.


when does reality end? when does fantasy begin?
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]