security/snort & security/barnyard2 configuration failure

Hi. I am using security/snort for event management. In the past security/snort used to log events to a database, but since version 2.9.3 the maintainer of the port has detached the event logging features and suggested using security/barnyard2. Until recently I was using the old security/snort with the event logging features, but due to the recent devel/pcre update I can't use the old package. I have tried configuring security/barnyard2 but it fails with the following errors -
Code:
Jan 16 01:03:08 apogee barnyard2[4763]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM data WHERE sid='2';] 
Jan 16 01:03:08 apogee barnyard2[4763]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM event WHERE sid='2';] 
Jan 16 01:03:08 apogee barnyard2[4763]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM icmphdr WHERE sid='2';] 
Jan 16 01:03:08 apogee barnyard2[4763]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM iphdr WHERE sid='2';] 
Jan 16 01:03:08 apogee barnyard2[4763]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM opt WHERE sid='2';] 
Jan 16 01:03:08 apogee barnyard2[4763]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM tcphdr WHERE sid='2';] 
Jan 16 01:03:08 apogee barnyard2[4763]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM udphdr WHERE sid='2';] 
Jan 16 01:03:12 apogee barnyard2[4763]: database: compiled support for (mysql)
Jan 16 01:03:12 apogee barnyard2[4763]: database: configured to use mysql
Jan 16 01:03:12 apogee barnyard2[4763]: database: schema version = 107
Jan 16 01:03:12 apogee barnyard2[4763]: database:           host = localhost
Jan 16 01:03:12 apogee barnyard2[4763]: database:           user = xxxx
Jan 16 01:03:12 apogee barnyard2[4763]: database:  database name = xxxxx
Jan 16 01:03:12 apogee barnyard2[4763]: database:    sensor name = apogee.xxx.xxx:re0
Jan 16 01:03:12 apogee barnyard2[4763]: database:      sensor id = 2
Jan 16 01:03:12 apogee barnyard2[4763]: database:     sensor cid = 4
Jan 16 01:03:12 apogee barnyard2[4763]: database:  data encoding = hex
Jan 16 01:03:12 apogee barnyard2[4763]: database:   detail level = full
Jan 16 01:03:12 apogee barnyard2[4763]: database:     ignore_bpf = no
Jan 16 01:03:12 apogee barnyard2[4763]: database: using the "log" facility
Jan 16 01:03:12 apogee barnyard2[4763]: 
Jan 16 01:03:12 apogee barnyard2[4763]:         --== Initialization Complete ==--
Jan 16 01:03:12 apogee barnyard2[4763]: Barnyard2 initialization completed successfully (pid=4763)
Jan 16 01:03:12 apogee barnyard2[4763]: WARNING: Ignoring corrupt/truncated waldofile '/var/log/snort/barnyard2.waldo'
Jan 16 01:03:12 apogee barnyard2[4763]: ERROR: Unable to open directory '' (No such file or directory)
Jan 16 01:03:12 apogee barnyard2[4763]: ERROR: Unable to find the next spool file!
Jan 16 01:03:12 apogee barnyard2[4763]: ===============================================================================
Jan 16 01:03:12 apogee barnyard2[4763]: Record Totals:
Jan 16 01:03:12 apogee barnyard2[4763]:    Records:            0
Jan 16 01:03:12 apogee barnyard2[4763]:     Events:            0 (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:    Packets:            0 (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:    Unknown:            0 (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]: ===============================================================================
Jan 16 01:03:12 apogee barnyard2[4763]: Packet breakdown by protocol (includes rebuilt packets):
Jan 16 01:03:12 apogee barnyard2[4763]:       ETH: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:   ETHdisc: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:      VLAN: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:      IPV6: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:   IP6 EXT: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:   IP6opts: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:   IP6disc: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:       IP4: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:   IP4disc: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:     TCP 6: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:     UDP 6: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:     ICMP6: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:   ICMP-IP: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:       TCP: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:       UDP: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:      ICMP: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:   TCPdisc: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:   UDPdisc: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:   ICMPdis: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:      FRAG: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:    FRAG 6: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:       ARP: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:     EAPOL: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:   ETHLOOP: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:       IPX: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:     OTHER: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:   DISCARD: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]: InvChkSum: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:    S5 G 1: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:    S5 G 2: 0          (0.000%)
Jan 16 01:03:12 apogee barnyard2[4763]:     Total: 0         
Jan 16 01:03:12 apogee barnyard2[4763]: ===============================================================================
Jan 16 01:03:15 apogee kernel: TCP: [127.0.0.1]:57381 to [127.0.0.1]:161 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port

/usr/local/etc/snort/snort.conf http://pastebin.ca/2303257

/usr/local/etc/barnyard2.conf http://pastebin.ca/2303265

I have censored the output database line in the above file.
 
update

If I initiate /usr/local/bin/barnyard2 with
Code:
barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snortunified2.log -w /var/log/snort/barnyard2.waldo -D

I get this -

Code:
Jan 16 02:20:36 apogee barnyard2[90380]: Barnyard2 spooler: Event cache size set to [2048] 
Jan 16 02:20:36 apogee barnyard2[90380]: Log directory = /var/log/barnyard2
Jan 16 02:20:36 apogee barnyard2[90380]: INFO database: Defaulting Reconnect/Transaction Error limit to 10 
Jan 16 02:20:36 apogee barnyard2[90380]: INFO database: Defaulting Reconnect sleep time to 5 second 
Jan 16 02:20:36 apogee barnyard2[90380]: Initializing daemon mode
Jan 16 02:20:36 apogee barnyard2[90435]: Daemon initialized, signaled parent pid: 90380
Jan 16 02:20:36 apogee barnyard2[90435]: PID path stat checked out ok, PID path set to /var/run/
Jan 16 02:20:36 apogee barnyard2[90435]: Writing PID "90435" to file "/var/run//barnyard2_re0.pid"
Jan 16 02:20:36 apogee barnyard2[90380]: Daemon parent exiting
Jan 16 02:20:46 apogee kernel: TCP: [127.0.0.1]:12444 to [127.0.0.1]:161 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Jan 16 02:20:59 apogee last message repeated 4 times
Jan 16 02:21:00 apogee ypxfr[90710]: no destination domain specified and the local domain name isn't set
Jan 16 02:21:00 apogee ypxfr[90710]: Exiting: Request arguments bad
Jan 16 02:21:02 apogee kernel: TCP: [127.0.0.1]:12444 to [127.0.0.1]:161 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Jan 16 02:21:20 apogee last message repeated 2 times
Jan 16 02:21:22 apogee kernel: Connection attempt to UDP 10.0.0.5:57693 from 10.0.0.1:53
Jan 16 02:21:22 apogee kernel: Connection attempt to UDP 10.0.0.5:15124 from 10.0.0.1:53
Jan 16 02:21:36 apogee barnyard2[90435]: Node unique name is: apogee.BSD.biz:re0 
Jan 16 02:21:36 apogee barnyard2[90435]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM data WHERE sid='2';] 
Jan 16 02:21:36 apogee barnyard2[90435]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM event WHERE sid='2';] 
Jan 16 02:21:36 apogee barnyard2[90435]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM icmphdr WHERE sid='2';] 
Jan 16 02:21:36 apogee barnyard2[90435]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM iphdr WHERE sid='2';] 
Jan 16 02:21:36 apogee barnyard2[90435]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM opt WHERE sid='2';] 
Jan 16 02:21:36 apogee barnyard2[90435]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM tcphdr WHERE sid='2';] 
Jan 16 02:21:36 apogee barnyard2[90435]: database: [SynchronizeEventId()]: Problems executing [SELECT MAX(cid) FROM udphdr WHERE sid='2';] 
Jan 16 02:21:40 apogee barnyard2[90435]: database: compiled support for (mysql)
Jan 16 02:21:40 apogee barnyard2[90435]: database: configured to use mysql
Jan 16 02:21:40 apogee barnyard2[90435]: database: schema version = 107
Jan 16 02:21:40 apogee barnyard2[90435]: database:           host = localhost
Jan 16 02:21:40 apogee barnyard2[90435]: database:           user = xxxxx
Jan 16 02:21:40 apogee barnyard2[90435]: database:  database name = xxxxx
Jan 16 02:21:40 apogee barnyard2[90435]: database:    sensor name = apogee.xxx.xxx:re0
Jan 16 02:21:40 apogee barnyard2[90435]: database:      sensor id = 2
Jan 16 02:21:40 apogee barnyard2[90435]: database:     sensor cid = 5
Jan 16 02:21:40 apogee barnyard2[90435]: database:  data encoding = hex
Jan 16 02:21:40 apogee barnyard2[90435]: database:   detail level = full
Jan 16 02:21:40 apogee barnyard2[90435]: database:     ignore_bpf = no
Jan 16 02:21:40 apogee barnyard2[90435]: database: using the "log" facility
Jan 16 02:21:40 apogee barnyard2[90435]: 
Jan 16 02:21:40 apogee barnyard2[90435]:         --== Initialization Complete ==--
Jan 16 02:21:40 apogee barnyard2[90435]: Barnyard2 initialization completed successfully (pid=90435)
Jan 16 02:21:40 apogee barnyard2[90435]: WARNING: Ignoring corrupt/truncated waldofile '/var/log/snort/barnyard2.waldo'
Jan 16 02:21:40 apogee barnyard2[90435]: Opened spool file '/var/log/snort/snortunified2.log.1358326086'
Jan 16 02:21:40 apogee barnyard2[90435]: ERROR: Unable to open log spool file '/var/log/snort/snortunified2.log.1358326086' (Permission denied)
Jan 16 02:21:40 apogee barnyard2[90435]: Closing spool file '/var/log/snort/snortunified2.log.1358326086'. Read 0 records
Jan 16 02:21:40 apogee barnyard2[90435]: ERROR: Unable to create spooler!
Jan 16 02:21:40 apogee barnyard2[90435]: ===============================================================================
Jan 16 02:21:40 apogee barnyard2[90435]: Record Totals:
Jan 16 02:21:40 apogee barnyard2[90435]:    Records:            0
Jan 16 02:21:40 apogee barnyard2[90435]:     Events:            0 (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:    Packets:            0 (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:    Unknown:            0 (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]: ===============================================================================
Jan 16 02:21:40 apogee barnyard2[90435]: Packet breakdown by protocol (includes rebuilt packets):
Jan 16 02:21:40 apogee barnyard2[90435]:       ETH: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:   ETHdisc: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:      VLAN: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:      IPV6: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:   IP6 EXT: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:   IP6opts: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:   IP6disc: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:       IP4: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:   IP4disc: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:     TCP 6: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:     UDP 6: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:     ICMP6: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:   ICMP-IP: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:       TCP: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:       UDP: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:      ICMP: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:   TCPdisc: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:   UDPdisc: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:   ICMPdis: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:      FRAG: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:    FRAG 6: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:       ARP: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:     EAPOL: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:   ETHLOOP: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:       IPX: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:     OTHER: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:   DISCARD: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]: InvChkSum: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:    S5 G 1: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:    S5 G 2: 0          (0.000%)
Jan 16 02:21:40 apogee barnyard2[90435]:     Total: 0         
Jan 16 02:21:40 apogee barnyard2[90435]: ===============================================================================
Jan 16 02:21:45 apogee kernel: TCP: [127.0.0.1]:12444 to [127.0.0.1]:161 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port

Code:
ls -l /var/log/snort/snortunified2.log.1358326086
-rw-------  1 root  wheel  5075822 Jan 16 01:02 /var/log/snort/snortunified2.log.1358326086

I don't want to change the ownership of /var/log/snort.

Any ideas on how to sort this?
 
It is running now after executing:
Code:
touch /var/log/barnyard2/snortunified2.log && barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/barnyard2 -f snortunified2.log -w /var/log/barnyard2/barnyard2.waldo -D

It still throws a waldo file error -
Code:
Jan 16 03:15:23 apogee barnyard2[23913]: database:      sensor id = 2
Jan 16 03:15:23 apogee barnyard2[23913]: database:     sensor cid = 7
Jan 16 03:15:23 apogee barnyard2[23913]: database:  data encoding = hex
Jan 16 03:15:23 apogee barnyard2[23913]: database:   detail level = full
Jan 16 03:15:23 apogee barnyard2[23913]: database:     ignore_bpf = no
Jan 16 03:15:23 apogee barnyard2[23913]: database: using the "log" facility
Jan 16 03:15:23 apogee barnyard2[23913]: 
Jan 16 03:15:23 apogee barnyard2[23913]:         --== Initialization Complete ==--
Jan 16 03:15:23 apogee barnyard2[23913]: Barnyard2 initialization completed successfully (pid=23913)
Jan 16 03:15:23 apogee barnyard2[23913]: WARNING: Unable to open waldo file '/var/log/barnyard2/barnyard2.waldo' (Permission denied)
Jan 16 03:15:23 apogee barnyard2[23913]: Waiting for new spool file

The waldo file in question is -rw-rw-rw-
 
Look at the permissions and ownership of the /var/log/barnyard2/ directory.
 
SirDice said:
Look at the permissions and ownership of the /var/log/barnyard2/ directory.

It was originally -

Code:
drw-rw-rw-  2 root      wheel           512 Jan 16 03:14 barnyard2/

Code:
ls -lhr /var/log/barnyard2
total 0
-rw-r--r--  1 root  wheel     0B Jan 16 03:14 snortunified2.log
-rw-r--r--  1 root  wheel     0B Nov 16 22:42 fast_alerts.log
-rw-rw-rw-  1 root  wheel     0B Jan 16 03:04 barnyard2.waldo

I changed the mode to 'ugo+rw' for the contents, but I still get this error -
Code:
Jan 16 03:59:41 apogee barnyard2[4873]: WARNING: Unable to open waldo file '/var/log/barnyard2/barnyard2.waldo' (Permission denied)

New permissions are -
Code:
ls -l /var/log/barnyard2
total 672
-rw-rw-rw-  1 root  wheel       0 Jan 16 03:04 barnyard2.waldo
-rw-rw-rw-  1 root  wheel       0 Nov 16 22:42 fast_alerts.log
-rw-rw-rw-  1 root  wheel  665743 Jan 16 04:01 snortunified2.log
 
Don't just make stuff world-writable; it's a really bad habit that's going to bite you one day.

Looking at your config:
Code:
# specify the group or GID for barnyard2 to run as after initialisation.
#
config set_gid: 999
 
# specify the user or UID for barnyard2 to run as after initialisation.
#
config set_uid: 999

The directory and files need to be owned by whatever account has UID 999.
 
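An added example, not from this thread or from the barnyard2 project: a small POSIX sh diagnostic that walks a path component by component as a given user and reports which permission bit denies access. It makes the point behind the directory listing above: every directory on the way needs the search (x) bit for the user barnyard2 drops to (set_uid/set_gid), and the waldo file then needs read and write; a directory shown as drw-rw-rw- has no search bit, so nothing inside it can be opened whatever the files' own bits are. The user name barny and the temporary-directory fixture in demo are constructed for the example; only the primary group is considered and root, who bypasses these bits, is not special-cased.

```shell
#!/bin/sh
# Added example (not from the thread): explain a "Permission denied" on a path
# for a given user. Parses `ls -ld`, whose first four fields (mode, links,
# owner, group) are the same on FreeBSD and GNU ls. Limitations, kept simple on
# purpose: only the primary group is checked and root is not special-cased.

# mode_allows MODESTR OWNER GROUP USER UGROUP WANT -> 0 if WANT (r|w|x) is granted
mode_allows() {
    if [ "$4" = "$2" ]; then
        bits=$(printf '%s' "$1" | cut -c2-4)       # owner triplet
    elif [ "$5" = "$3" ]; then
        bits=$(printf '%s' "$1" | cut -c5-7)       # group triplet
    else
        bits=$(printf '%s' "$1" | cut -c8-10)      # other triplet
    fi
    case "$6" in
        r) [ "$(printf '%s' "$bits" | cut -c1)" = r ] ;;
        w) [ "$(printf '%s' "$bits" | cut -c2)" = w ] ;;
        x) case "$(printf '%s' "$bits" | cut -c3)" in x|s|t) true ;; *) false ;; esac ;;
        *) false ;;
    esac
}

# check_one PATH WANT USER UGROUP -> 0 if granted, else prints the denying component
check_one() {
    out=$(ls -ld "$1" 2>/dev/null) || { printf 'DENIED: %s cannot stat %s\n' "$3" "$1"; return 2; }
    set -- "$1" "$2" "$3" "$4" $out              # $5=mode $6=links $7=owner $8=group
    mode_allows "$5" "$7" "$8" "$3" "$4" "$2" && return 0
    printf 'DENIED: %s needs %s on %s (%s %s:%s)\n' "$3" "$2" "$1" "$5" "$7" "$8"
    return 1
}

# explain_access USER UGROUP FILE WANT [BASE]
# Walks every directory below BASE (default: the root) checking x, then FILE for WANT.
explain_access() {
    case "$3" in /*) ;; *) set -- "$1" "$2" "$(pwd)/$3" "$4" "$5" ;; esac
    base=${5:-}
    dir=$(dirname "$3")
    rest=${dir#"$base"}; rest=${rest#/}; acc=$base
    while [ -n "$rest" ]; do
        comp=${rest%%/*}
        case "$rest" in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        acc="$acc/$comp"
        check_one "$acc" x "$1" "$2" || return 1
    done
    check_one "$3" "$4" "$1" "$2" || return 1
    printf 'OK: %s can open %s for %s\n' "$1" "$3" "$4"
}

# demo: rebuild the thread's layout in a temp dir (constructed fixture), show the
# denial at the directory, fix the directory instead of the file bits, re-check.
demo() {
    top=$(mktemp -d) || return 1
    chmod 755 "$top"
    mkdir "$top/barnyard2"
    : > "$top/barnyard2/barnyard2.waldo"
    chmod 666 "$top/barnyard2/barnyard2.waldo"   # the thread's -rw-rw-rw- waldo file
    chmod 666 "$top/barnyard2"                   # the thread's drw-rw-rw- directory (no x)
    # barny is a hypothetical user; it falls into the "other" triplet of the fixture
    explain_access barny barny "$top/barnyard2/barnyard2.waldo" w "$top" || :
    chmod 755 "$top/barnyard2"                   # restore the search bit on the directory
    set -- $(ls -ld "$top/barnyard2/barnyard2.waldo")
    explain_access "$3" "$4" "$top/barnyard2/barnyard2.waldo" w "$top" || :   # as the owner
    chmod 700 "$top/barnyard2"; rm -rf "$top"
}
```

Against a live system you would call it directly, e.g. `explain_access barny barny /var/log/barnyard2/barnyard2.waldo w` for the waldo file and `explain_access barny barny /var/log/snort/snortunified2.log.1358326086 r` for the spool file; the first DENIED line names the component to fix, and the fix is ownership or the directory's search bit for that one account, not world-writable files.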
SirDice said:
Don't just make stuff world-writable, it's a really bad habit that's going to bite you one day.

I know where you are coming from; this is a trial and I have re-modified the perms on those files. Now /var/log/snort is drwxr-xr-x (default).

The directory and files need to be owned by whatever account has UID 999.

Cool, I am looking into it at the moment.
 
@SirDice, there is no user with a UID of 999. I will create a user with UID/GID 999 or change those fields in barnyard2.conf. Can I change those values to '0' (root uid/gid)? Will it work on a normal boot, or should I set them to 1001 (my user's UID/GID)?
 
That's probably where your problem originates. Create a user for barnyard, set it correctly in the config and change the ownership of the files.
 
SirDice said:
That's probably where your problem originates. Create a user for barnyard, set it correctly in the config and change the ownership of the files.

I added a user with a uid/gid of 999 with nologin, but it is still throwing errors -
Code:
Jan 16 05:44:44 apogee barnyard2[65023]: Barnyard2 initialization completed successfully (pid=65023)
Jan 16 05:44:44 apogee barnyard2[65023]: WARNING: Unable to open waldo file '/var/log/barnyard2/barnyard2.waldo' (Permission denied)
Jan 16 05:44:44 apogee barnyard2[65023]: Opened spool file '/var/log/snort/snortunified2.log.1358326086'
Jan 16 05:44:44 apogee barnyard2[65023]: WARNING: Unable to open waldo file '/var/log/barnyard2/barnyard2.waldo' (Permission denied)
Jan 16 05:44:46 apogee last message repeated 807 times
Jan 16 05:44:46 apogee kernel: TCP: [127.0.0.1]:29248 to [127.0.0.1]:161 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Jan 16 05:44:46 apogee barnyard2[65023]: WARNING: Unable to open waldo file '/var/log/barnyard2/barnyard2.waldo' (Permission denied)
Jan 16 05:44:47 apogee last message repeated 652 times

Code:
<root@apogee>/var/log/barnyard2 # ls -l
total 91904
-rw-r--r--  1 barny  barny         0 Jan 16 04:17 barnyard2.waldo
-rw-r--r--  1 barny  barny   3069700 Jan 16 05:45 fast_alerts.log
-rw-r--r--  1 barny  barny  90936413 Jan 16 05:45 snortunified2.log
<root@apogee>/var/log/barnyard2 # id barny
uid=999(barny) gid=999(barny) groups=999(barny)
<root@apogee>/var/log/barnyard2 #
 
It is fixed now; I had to change the mode to u+x for barnyard2.waldo. I don't know if it is right or wrong, but it works for now.
Code:
Jan 16 06:12:52 apogee barnyard2[65700]: database:      sensor id = 2
Jan 16 06:12:52 apogee barnyard2[65700]: database:     sensor cid = 27651
Jan 16 06:12:52 apogee barnyard2[65700]: database:  data encoding = hex
Jan 16 06:12:52 apogee barnyard2[65700]: database:   detail level = full
Jan 16 06:12:52 apogee barnyard2[65700]: database:     ignore_bpf = no
Jan 16 06:12:52 apogee barnyard2[65700]: database: using the "log" facility
Jan 16 06:12:52 apogee barnyard2[65700]: 
Jan 16 06:12:52 apogee barnyard2[65700]:         --== Initialization Complete ==--
Jan 16 06:12:52 apogee barnyard2[65700]: Barnyard2 initialization completed successfully (pid=65700)
Jan 16 06:12:52 apogee barnyard2[65700]: WARNING: Ignoring corrupt/truncated waldofile '/var/log/barnyard2/barnyard2.waldo'
Jan 16 06:12:52 apogee barnyard2[65700]: Opened spool file '/var/log/snort/snortunified2.log.1358326086'
 
Now the last warning about the truncated file has disappeared after restarting snort and barnyard2. Please mark this thread as 'SOLVED'.
 