OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Alwin Raymundo (alrayworld_at_yahoo.com)
Date: Thu Oct 17 2002 - 14:43:56 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi Andrew,

    Thanks for replying.

    I'm using snort 2.0 (in snort.conf)
    output log_unified: filename snort.log, limit 128

    I use barnyard-0.1.0-rc3.tar.gz

    Thanks again in Advance for you help

    Your brother in snort

    --- "Andrew R. Baker" <andrewbsnort.org> wrote:
    > Alwin Raymundo wrote:
    > > Hi Everybody,
    > >
    > > Thanks for all your help and I appreciate your
    > > patience. The stupid of me I did not double check
    > the
    > > command line that I execute. Please pardon me.
    > >
    > > I already change it but I notice something, if
    > someone
    > > can help I really really apreciate it.
    > >
    > > when I execute the command.
    > > barnyard -c /etc/snort/barnyard.conf \
    > > -d /var/log/snort -g /etc/snort/gen-msg.map \
    > > -s /etc/snort/sid-msg.map -f snort.log
    > >
    > > Barnyard Version 0.1.0-rc3 (Build 11) started
    > > ERROR => No input plugin found for magic: a1b2c3d4
    > > Fatal Error, Quitting..
    > > Exiting
    > >
    > > What does this means. " ERROR => No input plugin
    > > found for magic: a1b2c3e4"
    > >
    > > any help would be highly appreciated.
    >
    > The magic is the first 4 octets of the unified file
    > that is used by
    > Barnyard to determine how it should be processed.
    > However, AFAIK (and i
    > maintain the unified output plugin), the value
    > "a1b2c3d4" is never used
    > as a magic values when Snort generates a unified
    > file. What version of
    > Snort are you using and what is the unified output
    > configuration in your
    > snort.conf?
    >
    > -A
    >
    >

    =====
    Alwin Raymundo

    __________________________________________________
    Do you Yahoo!?
    New DSL Internet Access from SBC & Yahoo!
    http://sbc.yahoo.com

    -------------------------------------------------------
    This sf.net email is sponsored by: viaVerio will pay you up to
    $1,000 for every account that you consolidate with us.
    http://ad.doubleclick.net/clk;4749864;7604308;v?
    http://www.viaverio.com/consolidator/osdn.cfm
    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users