Snort mailing list archives
Re: [Barnyard-users] " No input plugin found for magic: a1b2c3d4" Issue
From: "Bamm Visscher" <bamm.visscher () gmail com>
Date: Wed, 7 May 2008 14:25:21 -0600
You're trying to make barnyard read a pcap file not a unified log. http://nsmwiki.org/Sguil_FAQ#Barnyard_says_.22No_input_plugin_found.22. On Wed, May 7, 2008 at 1:33 PM, Rachmat Hidayat Al-Anshar <rachmat_hidayat_02 () yahoo com> wrote:
In a last 2 day, i try to find out why did this happen and try to find the solution. I still didn't make it. I have
no idea, why barnyard still didn't working. Barnyard always say that it can't find any input plugin. I never find
this kind of problem on linux based os. I beg for a help :-(. Could anyone who has successfully applying barnyard to
share your experience with me.
Regard.
Matt
Rachmat Hidayat Al-Anshar wrote:
> I try to installing snort-2.8.0.1 on OpenBSD-4.2, before that, I try to patching it with snortsam's patch diff
file (snortsam-2.8.0.1.diff). There is nothing to problem at all when I have to compiling and installing Snort. But I
got this following error when issuing "make" to installing Barnyard: ProgVars.c: In function `ProgVars_Fprintf':
ProgVars.c:672: warning: long unsigned int format, time_t arg (arg 3) gcc -g -O2 -Wall -L/usr/local/lib/mysql/ -o
barnyard barnyard.o mstring.o strlcatu.o strlcpyu.o util.o spool.o sid.o debug.o classification.o CommandLineArgs.o
ConfigFile.o ProgVars.o output-plugins/libop.a input-plugins/libdp.a -lz -lssl -lmysqlclient
/usr/local/lib/mysql//libmysqlclient.so.18.0: warning: strcpy() is almost always misused, please use strlcpy()
output-plugins/libop.a(op_sguil.o)(.text+0xea): In function `OpSguil_Start':
/etc/barnyard/src/output-plugins/op_sguil.c:220: warning: sprintf() is often misused,
> please use snprintf() output-plugins/libop.a(op_sguil.o)(.text+0x4da): In function `OpSguil_Log':
/etc/barnyard/src/output-plugins/op_sguil.c:366: warning: strcat() is almost always misused, please use strlcat() I
try to continue the process with hope there is nothing wrong with barnyard processing the snort's unified file. But
lately I know that I was wrong... Barnyard produce this messages # tail /var/log/messages May 7 09:01:00 snort
barnyard: No bookmark file found, processing all events May 7 09:01:03 snort barnyard[10430]: Initializing daemon
mode May 7 09:01:03 snort barnyard[23654]: Opened spool file '/var/log/snort//snort.log.1210120583' May 7 09:01:03
snort barnyard[23654]: FATAL ERROR: ERROR: No input plugin found for magic: a1b2c3d4 May 7 09:01:03 snort
barnyard[23654]: Exiting when I try to running it with: # /usr/local/bin/barnyard \ -c /etc/snort/barnyard.conf
> \ -d /var/log/snort/ \ -L /var/log/snort/ \ -s /etc/snort/sid-msg.map \ -g /etc/snort/gen-msg.map \ -p
/etc/snort/classification.config \ -a /var/log/snort/archive/ \ -f snort.log \ -w /var/log/snort/barnyard.waldo \ -X
/var/run/barnyard.pid \ -D Now, what should I do? Thanks in advance Regard Matt
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now.
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Barnyard-users mailing list
Barnyard-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/barnyard-users
-- sguil - The Analyst Console for NSM http://sguil.sf.net ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- "No input plugin found for magic: a1b2c3d4" Issue Rachmat Hidayat Al-Anshar (May 06)
- Re: [Barnyard-users] " No input plugin found for magic: a1b2c3d4" Issue Rachmat Hidayat Al-Anshar (May 07)
- Re: [Barnyard-users] " No input plugin found for magic: a1b2c3d4" Issue Bamm Visscher (May 07)
- Re: [Barnyard-users] " No input plugin found for magic: a1b2c3d4" Issue Joel Esler (May 07)
- Re: [Barnyard-users] " No input plugin found for magic: a1b2c3d4" Issue Rachmat Hidayat Al-Anshar (May 07)