Hi all,
Barnyard2 is reading from the Snort log and prints summary statistics about what it's read. The Snort log file is the result of running a ruleset that specifies to alert on anything and then pinging.
I've specified output as "alert_fast: alert.fast" in barnyard2.conf but it just creates an empty alert.fast file. If I specify "alert_fast: stdout" it writes to standard output. If I specify "alert_fast: file alert.fast" it gives an error.
I definitely don't want to write to a database, all I really want is something simple to show that barnyard2 can be made to work with Snort output. I'm preparing a sort of prototype distribution for the Yocto project.
Can anybody give me suggestions or other things to try to get barnyard2 to be convincingly hooked up to Snort in a simple fashion?
I'd also like to know of some automatic way to discard Snort files once read by barnyard.
Waiting hopefully for suggestions.
Thanks!
- mulhern
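Added example for the two questions above (not from the original post or the barnyard2 project): a script that writes a minimal barnyard2.conf using the bare-filename form of `output alert_fast`, and builds the command line for running barnyard2 in continuous mode with the `-a` archive option, which, as I understand barnyard2, moves each unified2 spool file out of the spool directory once it has been processed. All paths (`/var/log/barnyard2`, the spool and archive directories, the `snort.log` prefix) are assumptions chosen for illustration; the map-file paths are the usual Snort install locations and may differ on a Yocto image.

```shell
#!/bin/sh
# Added example, not code from the original post. Writes a minimal
# barnyard2.conf and prints the barnyard2 invocation; it does not start
# barnyard2 itself. Paths are assumptions for illustration.

# Write barnyard2.conf into the directory given as $1 and print its path.
# The output directive is "output alert_fast" optionally followed by
# ": <filename>" or ": stdout". A bare filename is created under
# "config logdir" (or the directory passed with -l), not the working
# directory, so look for alert.fast there. "alert_fast: file alert.fast"
# is not valid syntax and is rejected at startup.
write_barnyard2_conf() {
    confdir="$1"
    mkdir -p "$confdir"
    cat > "$confdir/barnyard2.conf" <<'EOF'
# Map files shipped with Snort; barnyard2 needs them to print rule messages.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map

# Directory where a bare output filename such as alert.fast is created
# (assumed path; override with -l on the command line).
config logdir: /var/log/barnyard2

# Read Snort's unified2 records.
input unified2

# One plain-text alert per line. Use exactly one of the two forms below.
output alert_fast: alert.fast
# output alert_fast: stdout
EOF
    printf '%s\n' "$confdir/barnyard2.conf"
}

# Build the barnyard2 command line for continuous mode and print it.
#   $1  path to barnyard2.conf
#   $2  Snort spool directory holding snort.log.<timestamp> unified2 files
#   $3  archive directory; -a moves each spool file here once processed,
#       which answers "how do I get rid of files barnyard has read".
# The waldo file (-w) records how far barnyard2 got, so a restart does not
# re-emit alerts it already wrote. Both directories are created if missing.
barnyard2_cmdline() {
    conf="$1"
    spool="$2"
    archive="$3"
    mkdir -p "$spool" "$archive"
    printf 'barnyard2 -c %s -d %s -f snort.log -w %s/barnyard2.waldo -a %s\n' \
        "$conf" "$spool" "$spool" "$archive"
}

# Stand-alone usage: generate the config and show the command to run.
if [ "${1:-}" = "--demo" ]; then
    conf=$(write_barnyard2_conf /tmp/barnyard2-demo/etc)
    barnyard2_cmdline "$conf" /tmp/barnyard2-demo/spool /tmp/barnyard2-demo/archive
fi
```

Run the printed command with a Snort instance writing `output unified2: filename snort.log` into the same spool directory; after a ping that trips the alert-on-anything rule, `alert.fast` should appear under the configured logdir and the processed `snort.log.*` file should have moved into the archive directory, where a cron job can delete it if the archive is not wanted.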