[Snort-users] Barnyard seems to do nothing
Hi.
I've got Snort 2.0.2 installed and working fine on my network - although it's looking for scans from $HOME_NET to catch local problems rather than preventing external problems.

I decided that I'd like to process Snort's output more flexibly, so I compiled barnyard 0.1 and used "make install" to get it set up. The command line I'm using for barnyard is:

    /usr/bin/barnyard -c /etc/snort/barnyard.conf -d /var/log/snort \
        -g /etc/snort/rules/gen-msg.map -s /etc/snort/rules/sid-msg.map \
        -f alert -D

From the USAGE file I take this to mean that barnyard will work in continuous mode, but there never seems to be a barnyard process on the system after this runs - I just get:

    -*> Barnyard! <*-
    Version 0.1.0 (Build 17)
    By Andrew R. Baker (andrewb@snort.org)
    and Martin Roesch (roesch@sourcefire.com, www.snort.org)

Can anyone tell me what steps I should take from here to try to find out what's going on with barnyard, please?

Thanks,

Iain Hallam.

P.S.: Incidentally, my snort.conf has both alert_unified and log_unified output plugins enabled, but only snort.log appears in unified format.