Howdy… thanks to anyone for entertaining my query….
I am having problems getting started with Barnyard parsing the output from Snort. I am trying to run continual mode.
Error:
ERROR: No input plugin found for magic: a1b2c3d4
All of the barnyard variables seem set OK, but I get that error. I thought it was associated with starting the snort dumps with the -b option, but I am not using that.
Anyone know where I can begin?
Thanks! Eric
SNORT PART (Please let me know if you'd like any part of snort.conf)
Snort start…
snort -h 172.xxx.xxx.0/24 -i eth0 -c /usr/local/snort-2.2.0/rules/snort.conf &
Puts files in…
[root@sn-mysql root]# ll /var/log/snort
total 8
-rw-------    1 root     root         1195 Dec 16 10:02 alert
-rw-------    1 root     root          778 Dec 16 10:02 log.1103212897
[root@sn-mysql root]#
BARNYARD
[root@sn-mysql root]# barnyard -c /usr/local/barnyard-0.2.0/etc/barn3.conf -s /usr/local/snort-2.2.0/etc/sid-msg.map -g /usr/local/snort-2.2.0/etc/gen-msg.map -vvvvvvvvvvvv -d /var/log/snort -f log -p /usr/local/snort-2.2.0/etc/classification.config &
[2] 12170
Barnyard Version 0.2.0 (Build 32)
Command line arguments:
Config file: /usr/local/barnyard-0.2.0/etc/barn3.conf
Spool dir: /var/log/snort
Gen-msg file: /usr/local/snort-2.2.0/etc/gen-msg.map
Sid-msg file: /usr/local/snort-2.2.0/etc/sid-msg.map
Class file: /usr/local/snort-2.2.0/etc/classification.config
Log dir: Not specified
Archive dir: Not specified
File base: log
Waldo file: Not specified
Pid file: Not specified
Verbosity level: 12
Dry run flag: Not Set
Batch mode flag: Not Set
Daemon flag: Not Set
New records only flag: Not Set
Usage flag: Not Set
Version flag: Not Set
[root@sn-mysql root]# Config file variables:
Hostname: sn-mysql
Interface: eth0
BPF Filter: not port 22
Class file: Not specified
Sid-msg file: Not specified
Gen-msg file: Not specified
Daemon flag: Not Set
Localtime flag: Not Set
Program Variables:
Continual processing mode
Config dir: /usr/local/barnyard-0.2.0/etc
Config file: /usr/local/barnyard-0.2.0/etc/barn3.conf
Sid-msg file: /usr/local/snort-2.2.0/etc/sid-msg.map
Gen-msg file: /usr/local/snort-2.2.0/etc/gen-msg.map
Class file: /usr/local/snort-2.2.0/etc/classification.config
Hostname: sn-mysql
Interface: eth0
BPF Filter: not port 22
Log dir: /var/log/snort
Verbosity: 12
Localtime: 0
Spool dir: /var/log/snort
Spool file: log
Start at end: 0
Opened spool file '/var/log/snort/log.1103212897'
ERROR: No input plugin found for magic: a1b2c3d4
Fatal Error, Quitting..
Exiting
[2]+ Exit 1 barnyard -c /usr/local/barnyard-0.2.0/etc/barn3.conf -s /usr/local/snort-2.2.0/etc/sid-msg.map -g /usr/local/snort-2.2.0/etc/gen-msg.map -vvvvvvvvvvvv -d /var/log/snort -f log -p /usr/local/snort-2.2.0/etc/classification.config
[root@sn-mysql root]#
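The value in the error is a file-format check: Barnyard reads the first four bytes of the spool file and selects an input plugin by that magic number, and 0xa1b2c3d4 is the magic of a tcpdump/pcap capture, not of a Snort unified file. The script below is an added example, not part of this post or of Barnyard or Snort; it reads the spool file header the same way and reports which format Snort actually wrote. The pcap magic is certain; the two unified magic values (0xDEAD4137 for alert, 0xDEAD1080 for log) are assumed from Snort's unified output plugin and should be checked against the spo_unified header of the release in use.

```python
import struct
import sys

# Known 4-byte file headers. The pcap magic is certain; the two Snort unified
# magics are assumed from Snort's spo_unified output plugin (verify locally).
PCAP_MAGIC = 0xA1B2C3D4
UNIFIED_ALERT_MAGIC = 0xDEAD4137   # assumed: written by "output alert_unified"
UNIFIED_LOG_MAGIC = 0xDEAD1080     # assumed: written by "output log_unified"

KNOWN = {
    PCAP_MAGIC: "pcap / tcpdump binary capture",
    UNIFIED_ALERT_MAGIC: "snort unified alert (Barnyard 'input alert')",
    UNIFIED_LOG_MAGIC: "snort unified log (Barnyard 'input log')",
}


def identify_magic(header: bytes) -> tuple:
    """Return (magic_hex, description) for the first four bytes of a spool file.

    Barnyard reads the magic in host byte order, so a file written on a
    little-endian sensor (as in the post) is tried little-endian first, then
    big-endian in case the file was copied over from a big-endian sensor.
    """
    if len(header) < 4:
        return ("", "file too short to hold a magic number")
    for fmt in ("<I", ">I"):
        (magic,) = struct.unpack(fmt, header[:4])
        if magic in KNOWN:
            return (f"{magic:08x}", KNOWN[magic])
    (magic,) = struct.unpack("<I", header[:4])
    return (f"{magic:08x}", "unknown format (no matching Barnyard input plugin)")


def identify_spool_file(path: str) -> tuple:
    """Identify a spool file on disk, e.g. /var/log/snort/log.1103212897."""
    with open(path, "rb") as fh:
        return identify_magic(fh.read(4))


if __name__ == "__main__":
    for name in sys.argv[1:]:
        magic, desc = identify_spool_file(name)
        print(f"{name}: magic {magic} -> {desc}")
```

Run it against the file Barnyard opened (`python3 check_magic.py /var/log/snort/log.1103212897`); a pcap result means the Snort side is not producing unified output for this spool, whatever the Barnyard configuration says.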