Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

[Snort-users] sid-msg.map file is missing

157 views

Skip to first unread message

Indira Kas

unread,

Jul 2, 2014, 10:21:23 AM7/2/14

Pulledpork is running now. I checked the proper location of the sid-msg.map file in pulledpork.conf.

But when I run barnyard2 like this:
/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -C /etc/snort/classification.config &

(I excluded -S and -G options, since it was throwing errors that they were included 2 times).

I get error:
ERROR: Unable to open SID file '/etc/snort/sid-msg.map' (No such file or directory)
ERROR: [Barnyard2Init()], failed while processing [/etc/snort/sid-msg.map]

Gen-msg.map file has been generated, but I can't find sid-msg.map file.

Do you know how to generate it manually maybe?

Ikas.

Shirkdog

unread,

Jul 2, 2014, 10:58:40 AM7/2/14

Pulled pork will create the sid-msg.map. What do you have configured in your pulledpork.conf? Is the path correct for what barnyard is reading?

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Snort-users mailing list
Snort...@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Y M

unread,

Jul 2, 2014, 4:26:17 PM7/2/14

Inline.

Date: Wed, 2 Jul 2014 16:21:23 +0200
From: indi...@gmail.com
To: snort...@lists.sourceforge.net
Subject: [Snort-users] sid-msg.map file is missing

Pulledpork is running now. I checked the proper location of the sid-msg.map file in pulledpork.conf.

But when I run barnyard2 like this:
/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -C /etc/snort/classification.config &

(I excluded -S and -G options, since it was throwing errors that they were included 2 times).

These errors are because the sid-msg.map and the gen-msg.map paths already defined in barnayard2.conf. If you supply the same at the command line at runtime, you will get these error. Try defining them in one place and the errors should go away.

I get error:
ERROR: Unable to open SID file '/etc/snort/sid-msg.map' (No such file or directory)
ERROR: [Barnyard2Init()], failed while processing [/etc/snort/sid-msg.map]

Gen-msg.map file has been generated, but I can't find sid-msg.map file.

Do you know how to generate it manually maybe?

Since you are using PulledPork, you don't have to generate the sid-msg.map manually. PulledPork should do that. Just verify the output directory/path of the sid-msg.map in your pulledpork.conf and make sure that Barnyard2 reads from the same directory/path.

Ikas.

0 new messages