Snort mailing list archives
how to clear the caches of snort/barnyard?
From: "闫振宇" <yanzhenyu () 55tuan com>
Date: Thu, 12 Apr 2012 18:22:45 +0800
Hi, all
I rewrote my snort.conf. I wanted snort to output snort.log, and I started up snort & barnyard, but it seemed that
the new configuration file didn't work. The 'spool filebase' option of barnyard was merged.log, not snort.log.
1st. snort.conf:
........
###################################################
# Step #6: Configure output plugins
# For more information, see Snort Manual, Configuring Snort - Output Modules
###################################################
# unified2
# Recommended for most installs
output unified2: filename snort.log, limit 128
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
# Additional configuration for specific types of installs
# output alert_unified2: filename snort.alert, limit 128, nostamp
# output log_unified2: filename snort.log, limit 128, nostamp
2nd. Start up snort && barnyard:
snort -c /etc/snort/snort.conf -i eth0
/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo
But barnyard:
database: using the "log" facility
--== Initialization Complete ==--
______ -*> Barnyard2 <*-
/ ,,_ \ Version 2.1.9 (Build 263)
|o" )~| By the SecurixLive.com Team: http://www.securixlive.com/about.php
+ '''' + (C) Copyright 2008-2010 SecurixLive.
Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2007 Sourcefire Inc., et al.
Using waldo file '/var/log/snort/barnyard.waldo':
spool directory = /var/log/snort
spool filebase = merged.log
time_stamp = 1334199055
record_idx = 210
Waiting for new spool file
What's the error? Can anyone help me?
2012-04-12
闫振宇, Systems Department
北京窝窝团信息技术有限公司 (Beijing Wowotuan Information Technology Co., Ltd.)
______________________________________________________________________________________________________
Address: 1st Floor, Building 9, Guigu Liangcheng, No. 1 Nongda South Road, Haidian District, Beijing, Postcode 100080
Tel: +86-10-59065069 Mob: +86-13261949497
E-mail: yanzhenyu () 55tuan com www.55tuan.com
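Added here as a diagnostic for the situation in the post, not code from the thread or from the Snort/Barnyard2 projects: a shell check that reconciles the unified2 filename snort.conf actually enables (ignoring the commented-out entries) with the filebase barnyard2 is told to read and with the spool files present on disk. The function names and the sample paths are assumptions.

```shell
#!/bin/sh
# Constructed diagnostic (not from the thread): reconcile the unified2 filename that
# snort.conf actually enables with the filebase barnyard2 is told to read (-f) and
# with the spool files present in the spool directory.

# Print the filenames of all *active* unified2 output lines in a snort.conf.
# Commented-out entries such as "# output unified2: filename merged.log" are ignored.
active_unified2_filenames() {
    conf="$1"
    grep -v '^[[:space:]]*#' "$conf" \
      | grep -E '^[[:space:]]*output[[:space:]]+(log_|alert_)?unified2:' \
      | sed -E 's/.*filename[[:space:]]+([^,[:space:]]+).*/\1/'
}

# Exit 0 if the barnyard2 filebase equals an active snort unified2 filename, else 1.
filebase_matches_conf() {
    conf="$1"; filebase="$2"
    active_unified2_filenames "$conf" | grep -qxF "$filebase"
}

# List spool files in the directory named <filebase>.<timestamp>,
# which is how unified2 files are written when nostamp is not set.
spool_files_for() {
    dir="$1"; filebase="$2"
    esc=$(printf '%s' "$filebase" | sed 's/[.]/\\./g')
    ls "$dir" 2>/dev/null | grep -E "^${esc}\.[0-9]+$"
}

# Human-readable report tying the three pieces together.
spool_report() {
    conf="$1"; dir="$2"; filebase="$3"
    echo "snort.conf active unified2 filename(s): $(active_unified2_filenames "$conf" | tr '\n' ' ')"
    echo "barnyard2 filebase (-f / waldo):        $filebase"
    if filebase_matches_conf "$conf" "$filebase"; then
        echo "OK: barnyard2 reads what snort writes"
    else
        echo "MISMATCH: barnyard2 waits on '$filebase' while snort writes something else"
    fi
    echo "spool files for '$filebase' in $dir:"
    spool_files_for "$dir" "$filebase" | sed 's/^/  /'
}
```

Running `spool_report /etc/snort/snort.conf /var/log/snort merged.log` against the configuration in the post reproduces the mismatch, since snort.conf enables snort.log while barnyard2's banner shows it is waiting on merged.log.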
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!