Re: [barnyard2-users] Barnyard2 batch mode - no output

John Eure

Sep 16, 2014, 6:42:06 PM
to barnyard2-users
I can't help much with barnyard2's "log_ascii" output plugin, but if all you're trying to do is convert the unified2 files into a more-readable ASCII format, you might want to take a look at the u2spewfoo tool that's included in the snort tarball (e.g., in snort-2.9.6.0/tools/u2spewfoo/). And if that doesn't work, the u2boat tool can convert unified2 files to pcap files (although it drops the event information).

John

On Fri, Sep 12, 2014 at 5:51 AM, 'Beth Whyle' via barnyard2-users <barnyar...@googlegroups.com> wrote:
I am trying to convert Snort Unified2 format files to ascii files.   When I attempt this using Barnyard2 batch mode I get no output and it appears as though it just dies.   Below is the command line entered and output.   Attached is the barnyard2.conf file used.  Any feedback to produce a meaningful error to troubleshoot is appreciated.

I have read through the existing posts regarding all aspects of running oneshot batch mode but haven't found any tips that impact the outcome in my situation.

/usr/bin/barnyard2 -v -c /tmp/barnyard2.conf  -o ./arch/merged.02.log.1398436388

output:

******************************************************************************

Running in Batch mode

        --== Initializing Barnyard2 ==--

Initializing Input Plugins!

Initializing Output Plugins!

Parsing config file "/tmp/barnyard2.conf"

WARNING: invalid Reference spec 'url,  '. Ignored

******************************************************************************

From what I've read the "Invalid Reference spec" is a benign warning.   I've commented out the line in the reference.config file which I assumed would cause the problem  (config reference: url       http://), but that warning still appears.

beenph

Sep 17, 2014, 7:06:39 PM
to barnyar...@googlegroups.com
Seems like the unified2 file is either empty....
Maybe outputting a non-truncated by2 output would also help to
understand how it terminates.