Re: [Snort-users] Help with barnyard.

Chhabria, Kavita - Apogent wrote:
> Hello everyone:
>
> I am trying to configure barnyard-0.1.0 to work with snort-2.0.1 and I am
> getting an error message saying "Unable to open spool file....Exiting" when
> I run barnyard.
>
> I start barnyard at the command line using the following command-line
> options:
>
> barnyard -c /root/barnyard-0.1.0/etc/barnyard.conf -d /var/log/snort \
> -f unified_snort.log.1065623999 -L /var/log/barnyard \
> -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map
>
> When I look at the /var/log/snort directory, there is a file called
> unified_snort.log.1065623999. So, anyone, please tell me what possibly can
> be the cause of the above error message.
>
> Also, to let everyone know I have configured the snort.conf file to have the
> following line
>
> output log_unified: filename unified_snort.log, limit 128
>
> Anyone have any ideas or thoughts or suggestions?

You need to either remove the ".1065623999" extension from the "-f"
argument (for continual spool processing) or add the "-o" command line
switch to tell Barnyard to only read the one file.

-A



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users