pfSense English Support > Packages

Snort - Barnyard2 not working

<< < (2/3) > >>

Jare:
I've got a solution on how to get Barnyard2 write and use the waldo file again. When Snort is running just log into the ssh shell and start Barnyard2 with the following command:

--- Code: ---/usr/local/bin/barnyard2 -f snort_{id}_{iface}.u2 -u snort -g snort -c /usr/local/etc/snort/snort_{id}_{iface}/barnyard2.conf -w /usr/local/etc/snort/snort_{id}_{iface}/barnyard2.waldo -d /var/log/snort
--- End code ---
Remember to fill the {id} and {iface} fields correctly. If everything goes well, there will read "Waiting for new data...". Now stop Barnyard using Ctrl+c and restart Snort normally from the web interface.

jaysonr:
That worked great!  Thank you!   ;D

lightenup:
Perfect! Thanks again!

-LiGHT

lightenup:
Tonight I installed the latest version of Snort 2.8.5.3 pkg v. 1.22 package on pfSense1.2.3-RELEASE and it looks like Barnyard2 wont start. I followed the workarounds which worked on the prior version but on the current version it fails. As you can see below it throws an error about not being able to open the waldo file. Any help would be great.

Thanks Again!


--- Code: ---# pwd
/usr/local/etc/snort/snort_42641_fxp0

# ls -al barnyard2.waldo
-rw-rw----  1 snort  snort  0 Apr 24 20:57 barnyard2.waldo

# /usr/local/bin/barnyard2 -f snort_42641_fxp0.u2 -u snort -g snort -c /usr/local/etc/snort/snort_42641_fxp0/barnyard2.conf -w /usr/local/etc/snort/snort_42641_fxp0/barnyard2.waldo -d /var/log/snort
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/usr/local/etc/snort/snort_42641_fxp0/barnyard2.conf"
Log directory = /var/log/snort
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = 10.7.7.5
database:           user = snort
database:  database name = snort
database:    sensor name = resistance.quantum.local:42641_fxp0
database:      sensor id = 17
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.8 (Build 251)
 |o"  )~|  By the SecurixLive.com Team: http://www.securixlive.com/about.php
 + '''' +  (C) Copyright 2008-2010 SecurixLive.

           Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.

           Built Date for Barnyard2 on Pfsense 1.2.3 is March 8 2010.
     ___   Orion IPS Output Code Copyright (C) 2009-2010 Robert Zelaya.
 ___/ f \
/ p \___/  Sense
\___/   \
    \___/  Built with Mysql SSL support.

WARNING: Unable to open waldo file '/usr/local/etc/snort/snort_42641_fxp0/barnyard2.waldo' (Permission denied)
Opened spool file '/var/log/snort/snort_42641_fxp0.u2.1272156291'
Waiting for new data



--- End code ---

lightenup:
I was beginning to suspect the parent folder permissions were to blame, your suggestion worked. James do you take paypal donations?

-LiGHT

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version