sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort -D --------------------------------------------------------------------------------------------------------------------------------- Apr 7 19:11:16 at-desktop barnyard2[2835]: Running in Continuous mode Apr 7 19:11:16 at-desktop barnyard2[2835]: Apr 7 19:11:16 at-desktop barnyard2[2835]: --== Initializing Barnyard2 ==-- Apr 7 19:11:16 at-desktop barnyard2[2835]: Initializing Input Plugins! Apr 7 19:11:16 at-desktop barnyard2[2835]: Initializing Output Plugins! Apr 7 19:11:16 at-desktop barnyard2[2835]: Parsing config file "/etc/snort/barnyard2.conf" Apr 7 19:11:16 at-desktop barnyard2[2835]: #012#012+[ Signature Suppress list ]+#012---------------------------- Apr 7 19:11:16 at-desktop barnyard2[2835]: +[No entry in Signature Suppress List]+ Apr 7 19:11:16 at-desktop barnyard2[2835]: ----------------------------#012+[ Signature Suppress list ]+#012 Apr 7 19:12:06 at-desktop barnyard2[2835]: Barnyard2 spooler: Event cache size set to [2048] Apr 7 19:12:06 at-desktop barnyard2[2835]: Log directory = /var/log/barnyard2 Apr 7 19:12:06 at-desktop barnyard2[2835]: INFO database: Defaulting Reconnect/Transaction Error limit to 10 Apr 7 19:12:06 at-desktop barnyard2[2835]: INFO database: Defaulting Reconnect sleep time to 5 second Apr 7 19:12:06 at-desktop barnyard2[2835]: Initializing daemon mode Apr 7 19:12:06 at-desktop barnyard2[2840]: Daemon initialized, signaled parent pid: 2835 Apr 7 19:12:06 at-desktop barnyard2[2835]: Daemon parent exiting Apr 7 19:12:06 at-desktop barnyard2[2840]: PID path stat checked out ok, PID path set to /var/run/ Apr 7 19:12:06 at-desktop barnyard2[2840]: Writing PID "2840" to file "/var/run//barnyard2_NULL.pid" Apr 7 19:15:51 at-desktop barnyard2[2840]: [SystemPullDataStore()]: No System found in database ... Apr 7 19:15:51 at-desktop barnyard2[2840]: [ReferencePullDataStore()]: No Reference found in database ... Apr 7 19:17:01 at-desktop CRON[2859]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)