Re: [Snort-users] barnyard 2.0.0 & snort-2.8.1
This is a discussion on Re: [Snort-users] barnyard 2.0.0 & snort-2.8.1 within the Snort forums, part of the System Security and Security Related category; It's not a "new" output format. If provided no output mechanism via the cmd args or config, ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-27-2008
|
|||
|
|||
Re: [Snort-users] barnyard 2.0.0 & snort-2.8.1
It's not a "new" output format. If provided no output mechanism via
the cmd args or config, then snort uses binary (pcap) as the default log type now. By default, snort also uses the prefix "snort.log" for the binary output files. Yes, that is the same prefix as the unified log output plugin uses. I wish someone would change that. Maybe "snort.unified". Please? Bammkkkk On Sat, Apr 26, 2008 at 4:31 PM, Russell Fulton <r.fulton@auckland.ac.nz> wrote: > Replying to myself ;) > > Seconds after posting I had an inspiration and found that the output > line was missing in the config for this sensor so snort must have been > using the new output format. > > What reads the new format? Clearly barnyard does not... > > Russell > > > > On 27/04/2008, at 10:20 AM, Russell Fulton wrote: > > On just one of my sensors I am having problems with barnyard refusing > > to read snort log files: > > > > Apr 27 10:14:55 monitor-dmzi barnyard[12240]: Opened spool file '/ > > home/ > > snort/data/eth2//snort.log.1209245479' > > Apr 27 10:14:55 monitor-dmzi barnyard[12240]: FATAL ERROR: ERROR: No > > input plugin found for magic: a1b2c3d4 > > > > So far as I can tell the set up is the same as of at least two other > > sensors which work fine. > > > > Any idea what is gong on? > > > > Russell > > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > > Don't miss this year's exciting event. There's still time to save > > $100. > > Use priority code J8TL2D2. > > http://ad.doubleclick.net/clk;198757...un.com/javaone > > _______________________________________________ > > Snort-users mailing list > > Snort-users@lists.sourceforge.net > > Go to this URL to change user options or unsubscribe: > > https://lists.sourceforge.net/lists/...fo/snort-users > > Snort-users list archive: > > http://www.geocrawler.com/redir-sf.p...st=snort-users > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757...un.com/javaone > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users > -- sguil - The Analyst Console for NSM http://sguil.sf.net ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757...un.com/javaone _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 08:05 AM.
