
Question about Barnyard spool reading files: msg#00000

Subject: Question about Barnyard spool reading files
Hi all, I'm new with Barnyard.

I've installed Sguil. I created some "scripts" to start barnyard and sguil sensors.

I have a first script with a -d option to read data from snort in the
/var/log/sguil/SPSSOSB1-DMZ/ folder (this one works).

SPSSOSB1# cat /root/Scripts/barnyard-dmz.sh
#!/bin/sh
/usr/local/bin/barnyard -c /var/log/sguil/SPSSOSB1-DMZ/conf/barnyard-dmz.conf -d /var/log/sguil/SPSSOSB1-DMZ/ -g /usr/local/etc/snort/gen-msg.map -p /usr/local/etc/snort/classification.config -s /usr/local/etc/snort/sid-msg.map -f snort.log -w waldo.files

SPSSOSB1# /root/Scripts/barnyard-dmz.sh
Barnyard Version 0.2.0 (Build 32)
Opened spool file '/var/log/sguil/SPSSOSB1-DMZ//snort.log.1183734463'
Connected to localhost on 7740.
Closing spool file '/var/log/sguil/SPSSOSB1-DMZ//snort.log.1183734463'.  Read 0 records



I have a similar script for another NIC:

SPSSOSB1# cat /root/Scripts/barnyard-extranet.sh
#!/bin/sh
/usr/local/bin/barnyard -c /var/log/sguil/SPSSOSB1-Extranet/conf/barnyard-extranet.conf -d /var/log/sguil/SPSSOSB1-Extranet/ -g /usr/local/etc/snort/gen-msg.map -p /usr/local/etc/snort/classification.config -s /usr/local/etc/snort/sid-msg.map -f snort.log -w waldo.files

When I launch it, it reads the data in /var/log/snort, but I put a -d option to
read in /var/log/sguil/SPSSOSB1-Extranet/...


SPSSOSB1# /root/Scripts/barnyard-extranet.sh
Barnyard Version 0.2.0 (Build 32)
WARNING: Using spool dir from bookmark file
Opened spool file '/var/log/snort/snort.log.1183744889'
Waiting for new data


Does anyone have an idea where I misconfigured something?

Thanks for your help.

Francis Provencher
Ministère de la Sécurité publique du Québec
Direction des technologies de l'information
Division de la sécurité informatique
Tel: 1 418 646-3258
Email:   Francis.provencher@xxxxxxxxxxxxxx
 
CEH - Certified Ethical Hackers
SSCP - System Security Certified Practitioner
Sec+ - Security +
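
Added example (not part of the original post, and not Barnyard or Sguil project code): the warning in the second run says Barnyard took its spool directory from the bookmark file given with -w rather than from -d, so this script compares the two before a sensor is started. It assumes the Barnyard 0.2 bookmark is a plain-text file whose first line is the spool directory; the function names are made up for the example.

```shell
#!/bin/sh
# Added example: compare the spool directory recorded in a Barnyard bookmark
# (waldo) file with the directory passed to -d.
# Assumed bookmark layout (constructed sample, one value per line):
#   /var/log/snort      <- spool directory
#   snort.log           <- spool file base name
#   1183744889          <- timestamp of the spool file
#   0                   <- record index

# Strip trailing slashes so "/a/b/" and "/a/b" compare equal ("/" stays "/").
normalize_dir() {
    d=$1
    while [ "$d" != "/" ] && [ "${d%/}" != "$d" ]; do
        d=${d%/}
    done
    printf '%s\n' "$d"
}

# Print the spool directory stored in the bookmark file (its first line).
waldo_spool_dir() {
    first_line=
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    printf '%s\n' "$first_line"
}

# Returns 0 when the bookmark agrees with -d, 1 when it points elsewhere
# (the case that produced the WARNING above), 2 when there is no usable bookmark.
check_waldo() {
    waldo_file=$1
    want=$(normalize_dir "$2")
    [ -r "$waldo_file" ] || { echo "no readable bookmark at $waldo_file"; return 2; }
    have=$(waldo_spool_dir "$waldo_file") || { echo "empty bookmark: $waldo_file"; return 2; }
    have=$(normalize_dir "$have")
    if [ "$have" = "$want" ]; then
        echo "OK: bookmark and -d both use $want"
        return 0
    fi
    echo "MISMATCH: bookmark says $have, -d says $want"
    return 1
}

# Usage: sh check_waldo.sh <bookmark file> <directory given to -d>
if [ $# -eq 2 ]; then
    check_waldo "$1" "$2"
fi
```

Both scripts above pass the same relative name, `-w waldo.files`, so giving each sensor its own absolute bookmark path makes it clear which file to check.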
