Re: More barnyard woes

[Chris Green <cmg () uab edu>]

[ please obey Reply-To: snort-users () lists sourceforge net ]

<bthaler () webstream net> writes:

> Barnyard experts:
>
> When I run:
> barnyard -f snort.log.1014392389
>
> I get:
> No Files found to read.  Exiting
> Fatal Error, Quitting..
> Exiting

Barnyard doesn't have the clearest usage documentation ( my fault )
nor the most intuitive command line ( haven't seen a good
recommendation ).

Barnyard acts as a daemon in the standard case and the -f is a file
name filter


barnyard  -c /etc/snort/barnyard.conf \
    -d /var/log/snort -g /etc/snort/gen-msg.map \
    -s /etc/snort/sid-msg.map  -f snort.log

note the -d pointing to /var/log/snort

that is the directory where snort logs will be dropped off and scanned
constantly

the -f snort.log is a basename filter.

so it looks for /var/log/snort/snort.log.* where the .* is the
timestamp name of the file.

-o is one shot mode and thats designed to be someone testing out or
batch processing something rather than the scanning a directory
constantly.

> When I run:
> barnyard -o -f snort.log.1014392389
> it seems to work.
>
> Am I doing something wrong?
>
> Any help is appreciated.


-- 
Chris Green <cmg () uab edu>
This is my signature. There are many like it but this one is mine.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users