[Snort-users] Snort, Barnyard, webmin issues



12-02-2005
Kevin Smith
Hey everyone,

I know this problem is something to do with webmin, but I figured
someone here may have seen this error before.

I'm setting up snort (Version 2.4.3 (Build 26)) with barnyard (Version
0.2.0 (Build 32)) and logging to a mysql database on a Fedora Core 4
system. Snort is configured to log to tcpdump logs that barnyard will
read into the DB.

When I run the commands below (without -D of course), everything works
fine. Even with the -D so of course there is no error shown. Now, in
webmin under the snort module, I have the same command for snort under
"full path to snort executable (with options)" under the module
configuration as I do below for snort. Snort starts without any problems
but it doesn't generate tcpdump logs, and when I start barnyard, which I
do manually, I get this error if I take the -D option off.

Barnyard Version 0.2.0 (Build 32)
Opened spool file '/var/log/snort/snort.log.1133542635'
ERROR: No input plugin found for magic: a1b2c3d4
Fatal Error, Quitting..
Exiting

My question is, is there a reason why the command from the prompt will
start logging correctly but from webmin the same command will not? Has
anyone seen this error before? I know it is because the tcpdump log
files are not being generated, but I can't seem to figure out why it is
not generating the files. Any ideas or suggestions would be great.

Thanks,
Kevin

Here are the commands and configuration settings.


Here is the output config from snort:
output log_tcpdump: tcpdump.log
output log_unified: filename /var/log/snort/snort.log, limit 128

Command for barnyard to start:
barnyard -c /usr/src/barnyard-0.2.0/etc/barnyard.conf -d /var/log/snort
-a /var/log/snort-archive -f snort.log -w /var/log/snort/waldo
-s /etc/snort/sid-msg.map -g /etc/snort/gen-msg.map -p
/etc/snort/classification.config -D

Command to start snort:
/usr/sbin/snort -u snort -g snort -d -C -c /etc/snort/snort.conf -A fast -D
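
An added example, not part of the original post: a small Python check that reads the first four bytes of each spool file Barnyard would open and reports its format. The a1b2c3d4 in the error above is the libpcap (tcpdump) file magic; the two unified magic values are assumptions taken from Snort 2.x's spo_unified.h and should be checked against the installed source, and the function names are hypothetical.

```python
import struct
import sys
from pathlib import Path

# Magic numbers as read in host byte order. The pcap value is the libpcap
# file magic; the unified values are assumed from Snort 2.x spo_unified.h
# and should be verified against the installed source.
MAGICS = {
    0xA1B2C3D4: "pcap (tcpdump) capture",
    0xDEAD1080: "snort unified log",
    0xDEAD4137: "snort unified alert",
}


def classify_header(header: bytes) -> str:
    """Identify a spool file from its first four bytes, in either byte order."""
    if len(header) < 4:
        return "too short to identify"
    for fmt in ("<I", ">I"):
        (magic,) = struct.unpack(fmt, header[:4])
        if magic in MAGICS:
            return MAGICS[magic]
    return "unknown magic " + header[:4].hex()


def scan_spool_dir(directory: str, base: str = "snort.log") -> dict:
    """Map each '<base>.<timestamp>' file in directory to its detected format."""
    results = {}
    for path in sorted(Path(directory).glob(base + ".*")):
        if path.is_file():
            with path.open("rb") as fh:
                results[path.name] = classify_header(fh.read(4))
    return results


if __name__ == "__main__":
    # Usage: python check_spool.py /var/log/snort snort.log
    directory = sys.argv[1] if len(sys.argv) > 1 else "/var/log/snort"
    base = sys.argv[2] if len(sys.argv) > 2 else "snort.log"
    for name, kind in scan_spool_dir(directory, base).items():
        print(f"{name}: {kind}")
```

Run against the directory and base name given to Barnyard with -d and -f, it shows which files are unified output and which are tcpdump captures that happen to share the same base name.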




