Snort mailing list archives

Re: Fwd: [barnyard2-users] Can get barnyard2 to read from Snort log but won't write to alert file


From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 22 Jul 2013 16:47:23 -0400

On 7/22/2013 15:57, mulhern wrote:

    what is the error? our crystal balls are broken and in the shop again ;)

Sorry, the error is so uninformative, I figured it was just complaining about
the syntax, but here it is:

ERROR: alert_fast error in /etc/snort/barnyard2.conf (227): alert.fast

i see... all it really tells you is that the error is on line 227 in 
barnyard2.conf and what that line contains... reading your reply further, it 
doesn't say that it can't access the file for writing which appears to have been 
the cause...

    you are not trying to get BY2 to write to the same alert file that snort is
    writing to, are you? they should each write to their own...

I think this is what I had done. I renamed the output file to something sure not
to conflict and found it. Thanks!

found it? fixed it? if so, nice :)

Can you throw me a hint about having barnyard delete files once read?

i don't know if it does... i've not read others saying that such was done or 
not... as i understand it, most folks keep them around for historical reasons 
and in case they need to rebuild the database(s)... it is evidence, ya know ;)

plus, i do not run barnyard ;) O:)

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
