Barnyard2 unable to open directory and unable to find spool file


Wout Janssen

Nov 21, 2017, 4:51:32 AM
to Hogzilla Users
Hello everyone,

I'm trying to set up Hogzilla for testing purposes and possible future deployment.
However, going through the guide I've run into multiple problems, the new one being the following:


root@VCS00141:/var/log# /usr/local/by/bin/barnyard2 -c /usr/local/by/etc/barnyard2.conf -f merged.log
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/usr/local/by/etc/barnyard2.conf"


+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/snort/

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.13 (Build 327)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2013 Ian Firns <fir...@securixlive.com>

ERROR: Unable to open directory '' (No such file or directory)
ERROR: Unable to find the next spool file!
===============================================================================
Record Totals:
   Records:           0
   Events:           0 (0.000%)
   Packets:           0 (0.000%)
   Unknown:           0 (0.000%)
   Suppressed:           0 (0.000%)
===============================================================================
Packet breakdown by protocol (includes rebuilt packets):
      ETH: 0          (0.000%)
  ETHdisc: 0          (0.000%)
     VLAN: 0          (0.000%)
     IPV6: 0          (0.000%)
  IP6 EXT: 0          (0.000%)
  IP6opts: 0          (0.000%)
  IP6disc: 0          (0.000%)
      IP4: 0          (0.000%)
  IP4disc: 0          (0.000%)
    TCP 6: 0          (0.000%)
    UDP 6: 0          (0.000%)
    ICMP6: 0          (0.000%)
  ICMP-IP: 0          (0.000%)
      TCP: 0          (0.000%)
      UDP: 0          (0.000%)
     ICMP: 0          (0.000%)
  TCPdisc: 0          (0.000%)
  UDPdisc: 0          (0.000%)
  ICMPdis: 0          (0.000%)
     FRAG: 0          (0.000%)
   FRAG 6: 0          (0.000%)
      ARP: 0          (0.000%)
    EAPOL: 0          (0.000%)
  ETHLOOP: 0          (0.000%)
      IPX: 0          (0.000%)
    OTHER: 0          (0.000%)
  DISCARD: 0          (0.000%)
InvChkSum: 0          (0.000%)
   S5 G 1: 0          (0.000%)
   S5 G 2: 0          (0.000%)
    Total: 0
===============================================================================

This is what my barnyard2.conf looks like:
# set the appropriate paths to the file(s) your Snort process is using.
#
config reference_file:      /usr/local/snort/etc/reference.config
config classification_file: /usr/local/snort/etc/classification.config
config gen_file:            /usr/local/snort/etc/gen-msg.map
config sid_file:            /usr/local/snort/etc/sid-msg.map

# set the directory for any output logging
#
config logdir: /var/log/snort/

# this is not hard, only unified2 is supported ;)
input unified2




You would think I'd find logs in the /var/log/snort/ directory, but it's empty.

Can anyone help me?
Thanks in advance,
Wout Janssen


Paulo Angelo

Nov 26, 2017, 7:54:53 PM
to Hogzilla Users
Hi Wout Janssen,

Check if the directory /var/log/snort/ exists.

Regards.

PA
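
A pre-flight version of the check suggested in the reply above, as an added example that is not part of the original thread or of Barnyard2 or Hogzilla: it reads `config logdir:` from a barnyard2.conf like the one in the question and reports whether that directory can be opened and holds a file starting with the `-f` base name. The function names and return codes are made up for illustration, the directory scanned is assumed to be the logdir unless a third argument is given, and the sample config and spool file are constructed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check before starting barnyard2 (names are illustrative).

# Print the value of the last uncommented "config logdir:" line in a barnyard2.conf.
conf_logdir() {
    sed -n 's/^[[:space:]]*config[[:space:]]\{1,\}logdir:[[:space:]]*\([^[:space:]#]*\).*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# check_spool CONF BASE [DIR] -- DIR defaults to the logdir found in CONF (assumption).
# Returns 0 ok, 1 no directory known, 2 directory cannot be opened, 3 no spool file.
check_spool() {
    local conf="$1" base="$2" dir="${3:-}" f newest=""
    [ -n "$dir" ] || dir=$(conf_logdir "$conf")
    if [ -z "$dir" ]; then
        echo "no directory: none given and no logdir in $conf"; return 1
    fi
    [ "$dir" = / ] || dir=${dir%/}
    if [ ! -d "$dir" ] || [ ! -r "$dir" ] || [ ! -x "$dir" ]; then
        echo "cannot open directory '$dir'"; return 2
    fi
    # Snort's unified2 output normally appends a Unix timestamp to the base name,
    # so match BASE* and keep the last name in sorted (glob) order.
    for f in "$dir/$base"*; do
        if [ -f "$f" ]; then newest=$f; fi
    done
    if [ -z "$newest" ]; then
        echo "no file starting with '$base' in '$dir'"; return 3
    fi
    echo "ok: $newest"
}

# Constructed sample: a temporary config and spool directory, not the poster's system.
demo() {
    local tmp
    tmp=$(mktemp -d)
    mkdir "$tmp/snort"
    printf 'config logdir: %s/snort/\ninput unified2\n' "$tmp" > "$tmp/barnyard2.conf"
    check_spool "$tmp/barnyard2.conf" merged.log || true   # directory exists but is empty
    : > "$tmp/snort/merged.log.1511254292"
    check_spool "$tmp/barnyard2.conf" merged.log || true   # spool file now present
    rm -rf "$tmp"
}
demo
```

A return code of 3 matches the situation described in the question, where the directory exists but holds no files.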