[Snort-users] "No input plugin found for magic: a1b2c3d4" Issue

permalink · #1 (**permalink**) 6 Days Ago

--===============1657806128==
Content-Type: multipart/alternative; boundary="0-508458951-1210108015=:44916"
Content-Transfer-Encoding: 8bit

--0-508458951-1210108015=:44916
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

I try to installing snort-2.8.0.1 on OpenBSD-4.2, before that, I try to patching it with snortsam's patch diff file (snortsam-2.8.0.1.diff). There is nothing to problem at all when I have to compiling and installing Snort. But I got this following error when issuing "make" to installing Barnyard:

ProgVars.c: In function `ProgVars_Fprintf':
ProgVars.c:672: warning: long unsigned int format, time_t arg (arg 3)
gcc -g -O2 -Wall -L/usr/local/lib/mysql/ -o barnyard barnyard.o mstring.o strlcatu.o strlcpyu.o util.o spool.o sid.o debug.o classification.o CommandLineArgs.o ConfigFile.o ProgVars.o output-plugins/libop.a input-plugins/libdp.a -lz -lssl -lmysqlclient
/usr/local/lib/mysql//libmysqlclient.so.18.0: warning: strcpy() is almost always misused, please use strlcpy()
output-plugins/libop.a(op_sguil.o)(.text+0xea): In function `OpSguil_Start':
/etc/barnyard/src/output-plugins/op_sguil.c:220: warning: sprintf() is often misused, please use snprintf()
output-plugins/libop.a(op_sguil.o)(.text+0x4da): In function `OpSguil_Log':
/etc/barnyard/src/output-plugins/op_sguil.c:366: warning: strcat() is almost always misused, please use strlcat()

I try to continue the process with hope there is nothing wrong with barnyard processing the snort's unified file.
But lately I know that I was wrong...

Barnyard produce this messages

# tail /var/log/messages
May 7 09:01:00 snort barnyard: No bookmark file found, processing all events
May 7 09:01:03 snort barnyard[10430]: Initializing daemon mode
May 7 09:01:03 snort barnyard[23654]: Opened spool file '/var/log/snort//snort.log.1210120583'
May 7 09:01:03 snort barnyard[23654]: FATAL ERROR: ERROR: No input plugin found for magic: a1b2c3d4
May 7 09:01:03 snort barnyard[23654]: Exiting

when I try to running it with:
# /usr/local/bin/barnyard \
-c /etc/snort/barnyard.conf \
-d /var/log/snort/ \
-L /var/log/snort/ \
-s /etc/snort/sid-msg.map \
-g /etc/snort/gen-msg.map \
-p /etc/snort/classification.config \
-a /var/log/snort/archive/ \
-f snort.log \
-w /var/log/snort/barnyard.waldo \
-X /var/run/barnyard.pid \
-D

Now, what should I do?

Thanks in advance
Regard
Matt

---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
--0-508458951-1210108015=:44916
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

I try to installing snort-2.8.0.1 on OpenBSD-4.2, before that, I try to patching it with snortsam's patch diff file (snortsam-2.8.0.1.diff). There is nothing to problem at all when I have to compiling and installing Snort. But I got this following error when issuing "make" to installing Barnyard: ProgVars.c: In function `ProgVars_Fprintf': ProgVars.c:672: warning: long unsigned int format, time_t arg (arg 3) gcc  -g -O2 -Wall -L/usr/local/lib/mysql/ -o barnyard  barnyard.o mstring.o strlcatu.o strlcpyu.o util.o  spool.o sid.o debug.o classification.o CommandLineArgs.o ConfigFile.o  ProgVars.o output-plugins/libop.a input-plugins/libdp.a -lz -lssl -lmysqlclient /usr/local/lib/mysql//libmysqlclient.so.18.0: warning: strcpy() is almost always misused, please use strlcpy() output-plugins/libop.a(op_sguil.o)(.text+0xea): In function `OpSguil_Start': /etc/barnyard/src/output-plugins/op_sguil.c:220: warning: sprintf() is often misused,
please use snprintf() output-plugins/libop.a(op_sguil.o)(.text+0x4da): In function `OpSguil_Log': /etc/barnyard/src/output-plugins/op_sguil.c:366: warning: strcat() is almost always misused, please use strlcat() I try to continue the process with hope there is nothing wrong with barnyard processing the snort's unified file. But lately I know that I was wrong... Barnyard produce this messages # tail /var/log/messages May  7 09:01:00 snort barnyard: No bookmark file found, processing all events May  7 09:01:03 snort barnyard[10430]: Initializing daemon mode May  7 09:01:03 snort barnyard[23654]: Opened spool file '/var/log/snort//snort.log.1210120583' May  7 09:01:03 snort barnyard[23654]: FATAL ERROR: ERROR: No input plugin found for magic: a1b2c3d4 May  7 09:01:03 snort barnyard[23654]: Exiting when I try to running it with: # /usr/local/bin/barnyard \ -c /etc/snort/barnyard.conf
\ -d /var/log/snort/ \ -L /var/log/snort/ \ -s /etc/snort/sid-msg.map \ -g /etc/snort/gen-msg.map \ -p /etc/snort/classification.config \ -a /var/log/snort/archive/ \ -f snort.log \ -w /var/log/snort/barnyard.waldo \ -X /var/run/barnyard.pid \ -D Now, what should I do? Thanks in advance Regard Matt 

<hr size=1>Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. <a href="http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i...Dypao8Wcj9tAcJ "> Try it now.</a>
--0-508458951-1210108015=:44916--

--===============1657806128==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
--===============1657806128==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
--===============1657806128==--

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode