This is a discussion on [Snort-users] sguil and barnyard errors within the Snort forums, part of the System Security and Security Related category.

Not exactly Snort-related, but I thought I'd throw this out.

I'm trying to get Sguil to run on a Red Hat 9 machine with the latest patches and kernel. Just want to try it out for management. I have been following the instructions for configuring barnyard including modifying the op_plugbase.c and Makefile. It appears to compile fine. But when I run barnyard, here is what I see:

    # barnyard -c /usr/local/etc/snort/barnyard.conf -d /usr/local/etc/snort -g /usr/local/etc/snort/gen-msg.map -s /usr/local/etc/snort/sid-msg.map -f snort.log -w /usr/local/etc/snort/waldo.file
    -*> Barnyard! <*-
    Version 0.1.0 (Build 17)
    By Andrew R. Baker (andrewb@snort.org)
    and Martin Roesch (roesch@sourcefire.com, www.snort.org)
    Loading Data Processors...
    dp_alert loaded
    dp_log loaded
    dp_stream_stat loaded
    Loading Built-in Output Plugins...
    Fast Alert plugin initialized
    AlertSyslog initialized
    Log Dump plugin initialized
    LogPcap initialized
    AlertCSV initialized
    Parsing Config file: /usr/local/etc/snort/barnyard.conf
    WARNING /usr/local/etc/snort/barnyard.conf(158) => Unknown output plugin "sguil" referenced, ignoring!
    Barnyard Version 0.1.0 (Build 17) started
    Unable to open spool file
    Exiting

This is what I have in my barnyard.conf file. I have removed all comments for the sake of space.

    config hostname: localhost
    config interface: eth0
    config filter: not port 22
    processor dp_alert
    processor dp_log
    processor dp_stream_stat
    output alert_fast
    output log_dump
    output sguil: mysql, sensor_id 0, database sguildb, server localhost, user root, password *****, sguild_host localhost, sguild_port 7736

Please forgive my ignorance of barnyard, but I'm working on it. If anyone has any ideas, I'd be interested in hearing them. Thanks.

KJ
--
Kerry Cox <kerry.cox@ksl.com>
KSL Radio and Television