
Re: [Snort-users] Problem with barnyard 0.2.0 and snort 2.4.0

Date: Sat, 20 Aug 2005 13:38:16 -0500
--On August 20, 2005 12:10:13 PM -0500 eric-list-snort-users@catastrophe.net wrote:

> On Sat, 2005-08-20 at 11:55:45 -0500, Paul Schmehl proclaimed...
>
>> Delete your waldo file (/var/log/snort/log/snort_ids.log) and allow
>> barnyard to recreate it. It's apparently corrupted.
>
> Deleted, but it didn't fix anything.

Restart barnyard, but add -v to make it more verbose. If that doesn't tell you anything, then add a second or third v.

If you delete the waldo file, barnyard *should* reread all the log files (giving you duplicates in your db.) If it still isn't reading the logfiles, then remove the waldo switch. If it *still* won't load the files, there's something wrong with the files. Either they're not in unified format or they're screwed up in a way that makes it impossible for barnyard to parse them.

The waldo file should look something like this:

# less /usr/local/etc/waldo.file
/var/log/snort/
snort.log
1124382173
3138

Check to see if the snort log files are binary. If they aren't then snort isn't logging in unified format.

>> I also strongly recommend that you do not use localtime with barnyard.
>> It causes problems during the change from daylight savings to "normal"
>> time.
>
> Done, but that didn't fix anything either.

This wasn't intended to fix anything regarding your present problem.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
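The two checks Paul suggests above (is the waldo file well formed and pointing at a real file, and is that file binary rather than a text alert log) can be scripted. The following is an added example for this archive page, not code from the thread, from barnyard or from Snort. It assumes, since the page does not say so, that the four waldo lines are the spool directory, the unified file base name, the epoch timestamp Snort appends to that base name, and the record position barnyard reached, so that the file being read is <dir>/<base>.<timestamp>; the spool directory and files it builds for the demonstration are constructed, not real Snort output.

```python
"""Sanity-check a barnyard waldo file against the Snort spool directory.

Added example, not barnyard or Snort code. Assumed layout of the waldo
file (not stated on the page): spool directory, unified file base name,
epoch timestamp suffix, record position. The file barnyard reads is then
<dir>/<base>.<timestamp>.
"""
import os
import tempfile


def parse_waldo(text):
    """Split the waldo text into its four fields; reject anything else."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    if len(lines) != 4:
        raise ValueError("expected 4 lines in waldo file, got %d" % len(lines))
    spool_dir, base, timestamp, position = lines
    if not (timestamp.isdigit() and position.isdigit()):
        raise ValueError("timestamp and position must be decimal integers")
    return {"dir": spool_dir, "base": base,
            "timestamp": int(timestamp), "position": int(position)}


def looks_binary(path, probe=512):
    """Rough file(1)-style test: unified output contains NUL and other
    non-text bytes; a text alert file (e.g. 'output alert_fast') does not."""
    with open(path, "rb") as fh:
        chunk = fh.read(probe)
    if not chunk:
        return False
    if b"\x00" in chunk:
        return True
    text_bytes = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
    nontext = sum(1 for b in chunk if b not in text_bytes)
    return nontext > len(chunk) * 0.3


def check_waldo(waldo_text):
    """Return (fields, expected log path, list of problems found)."""
    fields = parse_waldo(waldo_text)
    log_path = os.path.join(fields["dir"],
                            "%s.%d" % (fields["base"], fields["timestamp"]))
    problems = []
    if not os.path.isdir(fields["dir"]):
        problems.append("spool directory %s does not exist" % fields["dir"])
    elif not os.path.isfile(log_path):
        problems.append("log file %s not found" % log_path)
    elif not looks_binary(log_path):
        problems.append("%s is not binary: snort is not logging in "
                        "unified format" % log_path)
    return fields, log_path, problems


def build_demo_spool():
    """Constructed sample data: one fake binary 'unified' file and one text
    alert file in a temporary spool directory. Returns the directory and
    three waldo texts (good, pointing at the text file, pointing at a
    file that does not exist)."""
    spool = tempfile.mkdtemp(prefix="barnyard-demo-")
    # Not a real unified record layout; it only needs to look binary.
    with open(os.path.join(spool, "snort.log.1124382173"), "wb") as fh:
        fh.write(b"\x00\x01\x00\x10\xde\xad\x00\x00" * 64)
    # Constructed text alert, the kind barnyard cannot parse.
    with open(os.path.join(spool, "alert.1124382173"), "w") as fh:
        fh.write("[**] [1:1000001:1] constructed sample alert [**]\n"
                 "08/20-12:10:13.000000 192.0.2.1 -> 192.0.2.2\n")
    good = "%s\nsnort.log\n1124382173\n3138\n" % spool
    text = "%s\nalert\n1124382173\n0\n" % spool
    missing = "%s\nsnort.log\n1124382999\n0\n" % spool
    return spool, good, text, missing


if __name__ == "__main__":
    _, good, text, missing = build_demo_spool()
    for label, waldo in (("good", good), ("text", text), ("missing", missing)):
        fields, path, problems = check_waldo(waldo)
        print(label, path, problems or "OK")
```

Point check_waldo at the contents of your real waldo file (in the thread, /usr/local/etc/waldo.file) to see whether barnyard is being sent to a file that exists and is binary; if both checks pass and barnyard still will not load it, the problem is inside the unified records themselves, which this script does not parse.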


_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users
