Snort mailing list archives
RE: barnyard problem
From: "David" <dwad24 () excite com>
Date: Sat, 29 May 2004 00:30:19 -0400 (EDT)
Hey Jasmine,

What options and arguments are you running barnyard with?

Dave

--- On Fri 05/28, Jasmine CHUA < Jasmine.Chua () internationalsos com > wrote:
From: Jasmine CHUA [mailto: Jasmine.Chua () internationalsos com]
To: snort-users@lists.sourceforge.net
Date: Fri, 28 May 2004 18:02:52 +0800
Subject: [Snort-users] barnyard problem

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all

barnyard works at first. But stopped working the next time I start it. It's supposed to create a waldo file by itself but it didn't. Below is the strace output. I am using barnyard-1.0. Anyone encountering the same problem?

write(2, "Loading Data Processors...n", 27Loading Data Processors...) = 27
write(2, "dp_alert loadedn", 16dp_alert loaded) = 16
write(2, "dp_log loadedn", 14dp_log loaded) = 14
write(2, "dp_stream_stat loadedn", 22dp_stream_stat loaded) = 22
write(2, "Loading Built-in Output Plugins."..., 35Loading Built-in Output Plugins...) = 35
write(2, "Fast Alert plugin initializedn", 30Fast Alert plugin initialized) = 30
write(2, "AlertSyslog initializedn", 24AlertSyslog initialized) = 24
write(2, "Log Dump plugin initializedn", 28Log Dump plugin initialized) = 28
write(2, "LogPcap initializedn", 20LogPcap initialized) = 20
write(2, "AcidDb output plugin initialized"..., 33AcidDb output plugin initialized) = 33
write(2, "Sguil output plugin initializedn", 32Sguil output plugin initialized) = 32
write(2, "AlertCSV initializedn", 21AlertCSV initialized) = 21
write(2, "Parsing Config file: /etc/snort/"..., 46Parsing Config file: /etc/snort/barnyard.conf) = 46
open("/etc/snort/barnyard.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=6021, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "#-------------------------------"..., 4096) = 4096
read(3, " - ICMP type (if ICMP)n# dp"..., 4096) = 1925
time([1085737682]) = 1085737682
open("/etc/localtime", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=56, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40017000
read(4, "TZif0000000000000000000100010"..., 4096) = 56
close(4) = 0
munmap(0x40017000, 4096) = 0
rt_sigaction(SIGPIPE, {0x4013b500, [], SA_RESTORER, 0x400925d8}, {SIG_DFL}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_UNIX, path="/dev/log"}, 16) = -1 EPROTOTYPE (Protocol wrong type for socket)
close(4) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
send(4, "<29>May 28 09:48:02 barnyard: Ar"..., 165, 0) = 165
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40016000, 4096) = 0
open("/snort_data/barnyard.waldo", O_RDONLY) = -1 ENOENT (No such file or directory)
time([1085737682]) = 1085737682
rt_sigaction(SIGPIPE, {0x4013b500, [], SA_RESTORER, 0x400925d8}, {SIG_DFL}, 8) = 0
send(4, "<29>May 28 09:48:02 barnyard: In"..., 56, 0) = 56
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
fork() = 11156
- --- SIGCHLD (Child exited) @ 0 (0) ---
munmap(0x40015000, 4096) = 0
exit_group(0) = ?

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBQLcOS/4wcdIw6CVjEQJNjACghTbgSNAR8m0XzfewO7lBB6JHUOAAniNyO5TL2JqXyY9ydybOuDQxHa8N
=yhBp
-----END PGP SIGNATURE-----
