Old 03-21-2015, 03:09 AM   #1
A Gallina
LQ Newbie
 
Registered: Apr 2004
Posts: 25

Rep: Reputation: 0
Need help testing Snort, Barnyard2, PulledPork, BASE IDS is not logging to mysql


-*> Snort! <* Version 2.9.6.0 GRE (Build 47)
barnyard2-2-1.13
My system specs are Ubuntu 14.04 LTS with all current updates, 2.0GB DDR400, AMD Athlon 64 Processor 3800+, currently running the OS 32 bit.
It seems like Snort and Barnyard and PulledPork are running well. I mean they aren't showing errors, I believe. I am just not getting anything in the MySQL database as far as I can see through the Basic Analysis and Security Engine (BASE).

Could somebody help me with a walkthrough to debug this? I can post my config files or links to screenshots, anything needed to get there. I have noticed this error at a lot of web sites but haven't been able to figure it out, as many of the pages just stop without resolution. Could be a good complete answer for many people's problems. Anyway, thanks in advance. A Gallina

Last edited by A Gallina; 03-21-2015 at 03:10 AM.
 
Old 03-21-2015, 08:55 AM   #2
yancek
LQ Guru
 
Registered: Apr 2008
Distribution: Slackware, Ubuntu, PCLinux,
Posts: 10,572

Rep: Reputation: 2499
A little more info on what the software you are using is expected to do, maybe a link to a site. If you have mysql, are you able to use it by logging in to a terminal? Can you create a database, access it, insert into it that way, to eliminate that as a problem?
 
1 members found this post helpful.
Old 03-21-2015, 01:14 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
...and in addition to what yancek wrote about eliminating errors: the fact that Snort or Barnyard2 are not showing errors does not mean there aren't any. Snort requires configuration and a rule set, the result of which you can pre-flight check using the "-T" switch: see 'man snort'. And if you're using Barnyard2 ensure your configuration is correct. Note you can use multiple output plugins so testing with syslog additionally will tell if there's any alerts logged. Also ensure the traffic you use (or replay) has rules that actually fire, because without any of that obviously nothing will be logged anywhere.
 
1 members found this post helpful.
Old 03-21-2015, 10:19 PM   #4
A Gallina
LQ Newbie
 
Registered: Apr 2004
Posts: 25

Original Poster
Rep: Reputation: 0
Hello Yancek. Yes, I can create a database in mysql (Server version: 5.5.41-0ubuntu0.14.04.1 (Ubuntu)).

Barnyard2 is a dedicated spooler for Snort's unified2 binary output format.
https://github.com/firnsy/barnyard2

Quote "If you have mysql, are you able to use it by logging in to a terminal? Can you create a database, access it, insert into it that way, to eliminate that as a problem?" Snort, PulledPork, Barnyard2, ADOdb and Basic Analysis and Security Engine (BASE), which is running on Apache, are designed to automate the process so one would not have to insert the data directly into the MySQL database.

I can see, by using this software:
http://www.mysqlfanboy.com/mytop-3/

that the database is there, and BASE does try to connect to it.

Hello unSpawn.
I have checked the configs a lot : ) Should I post them to see if you can see anything, please? Preflight passes on the T command as far as I can tell.


I have put these in my local rule set, to make it fire an alert.
Code:
alert icmp any any -> any any (msg:"ICMP Testing Rule"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"TCP Testing Rule"; sid:1000002; rev:1;)
alert udp any any -> any any (msg:"UDP Testing Rule"; sid:1000003; rev:1;)

Last edited by unSpawn; 03-22-2015 at 05:24 AM. Reason: //Add vBB code and noparse tags.
 
Old 03-22-2015, 05:34 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
As with software like Nagios, configuring Snort could be seen as some sort of rite of passage for Linux users which it really isn't: you should read the extensive documentation and understand what you're running. That also helps asking more detailed questions. If you have verified your configuration files are correct there is no need to post them. (If you want to post them first clean them up like this:
Code:
grep -v "^#" /path/configfile|grep . > /temppath/configfile.txt
then attach them to your reply.) Note that "-T" will output to stdout / stderr or syslog so that would be good to check thoroughly. Same goes for what I wrote about using syslog with Barnyard2 (at least during your setup phase) to ensure rules actually fire.
 
1 members found this post helpful.
Old 03-22-2015, 12:11 PM   #6
A Gallina
LQ Newbie
 
Registered: Apr 2004
Posts: 25

Original Poster
Rep: Reputation: 0
Thank you, here is my grep barnyard2 config file.

Code:
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
config logdir: /var/log/barnyard2
config hostname:   localhost
config interface:  eth0
config daemon
config waldo_file: /var/log/snort/barnyard2.waldo
 
input unified2:
output alert_fast
output database: log, mysql, user=######## password=########## dbname=########## host=localhost
Thank you, here is my grep snort config file.

Code:
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET any
ipvar DNS_SERVERS $HOME_NET
ipvar SMTP_SERVERS $HOME_NET
ipvar HTTP_SERVERS $HOME_NET
ipvar SQL_SERVERS $HOME_NET
ipvar TELNET_SERVERS $HOME_NET
ipvar SSH_SERVERS $HOME_NET
ipvar FTP_SERVERS $HOME_NET
ipvar SIP_SERVERS $HOME_NET
portvar HTTP_PORTS [36,80,81,82,83,84,85,86,87,88,89,90,311,383,555,591,593,631,801,808,818,901,972,1158,1220,1414,1533,1741,1830,2231,2301,2381,2809,3029,3037,3057,3128,3443,3702,4000,4343,4848,5117,5250,6080,6173,6988,7000,7001,7144,7145,7510,7770,7777,7779,8000,8008,8014,8028,8080,8081,8082,8085,8088,8090,8118,8123,8180,8181,8222,8243,8280,8300,8500,8509,8800,8888,8899,9000,9060,9080,9090,9091,9111,9443,9999,10000,11371,12601,15489,29991,33300,34412,34443,34444,41080,44449,50000,50002,51423,53331,55252,55555,56712] 
portvar SHELLCODE_PORTS !80
portvar ORACLE_PORTS 1024:
portvar SSH_PORTS 22
portvar FTP_PORTS [21,2100,3535]
portvar SIP_PORTS [5060,5061,5600]
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
portvar GTP_PORTS [2123,2152,3386]
ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var BLACK_LIST_PATH /etc/snort/rules
config disable_decode_alerts
config disable_tcpopt_experimental_alerts
config disable_tcpopt_obsolete_alerts
config disable_tcpopt_ttcp_alerts
config disable_tcpopt_alerts
config disable_ipopt_alerts
config checksum_mode: all
config pcre_match_limit: 3500
config pcre_match_limit_recursion: 1500
config detection: search-method ac-split search-optimize max-pattern-len 20
config event_queue: max_queue 8 log 5 order_events content_length
config paf_max: 16000
dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/lib/snort_dynamicrules
preprocessor normalize_ip4
preprocessor normalize_tcp: ips ecn stream
preprocessor normalize_icmp4
preprocessor normalize_ip6
preprocessor normalize_icmp6
preprocessor frag3_global: max_frags 65536
preprocessor frag3_engine: policy windows detect_anomalies overlap_limit 10 min_fragment_length 100 timeout 180
preprocessor stream5_global: track_tcp yes, \
   track_udp yes, \
   track_icmp no, \ 
   max_tcp 262144, \
   max_udp 131072, \
   max_active_responses 2, \
   min_response_seconds 5
preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs 180, \
   overlap_limit 10, small_segments 3 bytes 150, timeout 180, \
    ports client 21 22 23 25 42 53 70 79 109 110 111 113 119 135 136 137 139 143 \
        161 445 513 514 587 593 691 1433 1521 1741 2100 3306 6070 6665 6666 6667 6668 6669 \
        7000 8181 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779, \
    ports both 36 80 81 82 83 84 85 86 87 88 89 90 110 311 383 443 465 563 555 591 593 631 636 801 808 818 901 972 989 992 993 994 995 1158 1220 1414 1533 1741 1830 2231 2301 2381 2809 3029 3037 3057 3128 3443 3702 4000 4343 4848 5117 5250 6080 6173 6988 7907 7000 7001 7144 7145 7510 7802 7770 7777 7779 \
        7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \
        7917 7918 7919 7920 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8500 8509 8800 8888 8899 9000 9060 9080 9090 9091 9111 9443 9999 10000 11371 12601 15489 29991 33300 34412 34443 34444 41080 44449 50000 50002 51423 53331 55252 55555 56712
preprocessor stream5_udp: timeout 180
preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 max_gzip_mem 104857600
preprocessor http_inspect_server: server default \
    http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \
    chunk_length 500000 \
    server_flow_depth 0 \
    client_flow_depth 0 \
    post_depth 65495 \
    oversize_dir_length 500 \
    max_header_length 750 \
    max_headers 100 \
    max_spaces 200 \
    small_chunk_length { 10 5 } \
    ports { 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1741 1830 2231 2301 2381 2809 3029 3037 3057 3128 3443 3702 4000 4343 4848 5117 5250 6080 6173 6988 7000 7001 7144 7145 7510 7770 7777 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8500 8509 8800 8888 8899 9000 9060 9080 9090 9091 9111 9443 9999 10000 11371 12601 15489 29991 33300 34412 34443 34444 41080 44449 50000 50002 51423 53331 55252 55555 56712 } \
    non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
    enable_cookie \
    extended_response_inspection \
    inspect_gzip \
    normalize_utf \
    unlimited_decompress \
    normalize_javascript \
    apache_whitespace no \
    ascii no \
    bare_byte no \
    directory no \
    double_decode no \
    iis_backslash no \
    iis_delimiter no \
    iis_unicode no \
    multi_slash no \
    utf_8 no \
    u_encode yes \
    webroot no
preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete
preprocessor bo
preprocessor ftp_telnet: global inspection_type stateful encrypted_traffic no check_encrypted
preprocessor ftp_telnet_protocol: telnet \
    ayt_attack_thresh 20 \
    normalize ports { 23 } \
    detect_anomalies
preprocessor ftp_telnet_protocol: ftp server default \
    def_max_param_len 100 \
    ports { 21 2100 3535 } \
    telnet_cmds yes \
    ignore_telnet_erase_cmds yes \
    ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \
    ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \
    ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \
    ftp_cmds { LPSV MACB MAIL MDTM MIC MKD MLSD MLST } \
    ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \
    ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \
    ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \
    ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \
    ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \
    ftp_cmds { XSEN XSHA1 XSHA256 } \
    alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \
    alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \
    alt_max_param_len 256 { CWD RNTO } \
    alt_max_param_len 400 { PORT } \
    alt_max_param_len 512 { SIZE } \
    chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \
    chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \
    chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \
    chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \
    chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \
    chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \
    chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ 
    chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \
    cmd_validity ALLO < int [ char R int ] > \    
    cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \
    cmd_validity MACB < string > \
    cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
    cmd_validity MODE < char ASBCZ > \
    cmd_validity PORT < host_port > \
    cmd_validity PROT < char CSEP > \
    cmd_validity STRU < char FRPO [ string ] > \    
    cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } >
preprocessor ftp_telnet_protocol: ftp client default \
    max_resp_len 256 \
    bounce yes \
    ignore_telnet_erase_cmds yes \
    telnet_cmds yes
preprocessor smtp: ports { 25 465 587 691 } \
    inspection_type stateful \
    b64_decode_depth 0 \
    qp_decode_depth 0 \
    bitenc_decode_depth 0 \
    uu_decode_depth 0 \
    log_mailfrom \
    log_rcptto \
    log_filename \
    log_email_hdrs \
    normalize cmds \
    normalize_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \
    normalize_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \
    normalize_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \
    normalize_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
    max_command_line_len 512 \
    max_header_line_len 1000 \
    max_response_line_len 512 \
    alt_max_command_line_len 260 { MAIL } \
    alt_max_command_line_len 300 { RCPT } \
    alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
    alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
    alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN DATA RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
    valid_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ 
    valid_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \
    valid_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \
    valid_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
    xlink2state { enabled }
preprocessor ssh: server_ports { 22 } \
                  autodetect \
                  max_client_bytes 19600 \
                  max_encrypted_packets 20 \
                  max_server_version_len 100 \
                  enable_respoverflow enable_ssh1crc32 \
                  enable_srvoverflow enable_protomismatch
preprocessor dcerpc2: memcap 102400, events [co ]
preprocessor dcerpc2_server: default, policy WinXP, \
    detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
    autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
    smb_max_chain 3, smb_invalid_shares ["C$", "D$", "ADMIN$"]
preprocessor dns: ports { 53 } enable_rdata_overflow
preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 7801 7802 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 }, trustservers, noinspect_encrypted
preprocessor sensitive_data: alert_threshold 25
preprocessor sip: max_sessions 40000, \
   ports { 5060 5061 5600 }, \
   methods { invite \
             cancel \
             ack \
             bye \
             register \
             options \
             refer \
             subscribe \
             update \
             join \
             info \
             message \
             notify \
             benotify \
             do \
             qauth \
             sprack \
             publish \
             service \
             unsubscribe \
             prack }, \
   max_uri_len 512, \
   max_call_id_len 80, \
   max_requestName_len 20, \
   max_from_len 256, \
   max_to_len 256, \
   max_via_len 1024, \
   max_contact_len 512, \
   max_content_len 2048 
preprocessor imap: \
   ports { 143 } \
   b64_decode_depth 0 \
   qp_decode_depth 0 \
   bitenc_decode_depth 0 \
   uu_decode_depth 0
preprocessor pop: \
   ports { 110 } \
   b64_decode_depth 0 \
   qp_decode_depth 0 \
   bitenc_decode_depth 0 \
   uu_decode_depth 0
preprocessor modbus: ports { 502 }
preprocessor dnp3: ports { 20000 } \
   memcap 262144 \
   check_crc
output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types
include classification.config
include reference.config
include $RULE_PATH/local.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/chat.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/experimental.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/info.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/multimedia.rules
include $RULE_PATH/mysql.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/nntp.rules
include $RULE_PATH/oracle.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/p2p.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/pop2.rules
include $RULE_PATH/pop3.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/snmp.rules
include $RULE_PATH/sql.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/web-coldfusion.rules
include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-php.rules
include $RULE_PATH/x11.rules
include $RULE_PATH/community-sql-injection.rules
include $RULE_PATH/community-web-client.rules
include $RULE_PATH/community-web-dos.rules
include $RULE_PATH/community-web-iis.rules
include $RULE_PATH/community-web-misc.rules
include $RULE_PATH/community-web-php.rules
include $RULE_PATH/community-sql-injection.rules
include $RULE_PATH/community-web-client.rules
include $RULE_PATH/community-web-dos.rules
include $RULE_PATH/community-web-iis.rules
include $RULE_PATH/community-web-misc.rules
include $RULE_PATH/community-web-php.rules
include threshold.conf
include $RULE_PATH/snort.rules
mysql error.log shows this.

Code:
150322  5:26:48 [Note] /usr/sbin/mysqld: Normal shutdown

150322  5:26:48 [Note] Event Scheduler: Purging the queue. 0 events
150322  5:26:51 [Warning] /usr/sbin/mysqld: Forcing close of thread 48  user: 'snort'

150322  5:26:55  InnoDB: Starting shutdown...
150322  5:26:58  InnoDB: Shutdown completed; log sequence number 29543893
150322  5:26:58 [Note] /usr/sbin/mysqld: Shutdown complete

150322  8:51:32 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.
150322  8:51:33 [Note] Plugin 'FEDERATED' is disabled.
150322  8:51:33 InnoDB: The InnoDB memory heap is disabled
150322  8:51:33 InnoDB: Mutexes and rw_locks use GCC atomic builtins
150322  8:51:33 InnoDB: Compressed tables use zlib 1.2.8
150322  8:51:33 InnoDB: Using Linux native AIO
150322  8:51:33 InnoDB: Initializing buffer pool, size = 128.0M
150322  8:51:33 InnoDB: Completed initialization of buffer pool
150322  8:51:33 InnoDB: highest supported file format is Barracuda.
150322  8:51:37  InnoDB: Waiting for the background threads to start
150322  8:51:38 InnoDB: 5.5.41 started; log sequence number 29543893
150322  8:51:38 [Note] Server hostname (bind-address): '127.0.0.1'; port: 3306
150322  8:51:38 [Note]   - '127.0.0.1' resolves to '127.0.0.1';
150322  8:51:38 [Note] Server socket created on IP: '127.0.0.1'.
150322  8:51:39 [Note] Event Scheduler: Loaded 0 events
150322  8:51:39 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.5.41-0ubuntu0.14.04.1'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  (Ubuntu)
Let me know if you see anything here, or what my next step would be, please. And thank you for taking the time to look at this.

Last edited by unSpawn; 03-26-2015 at 01:35 AM. Reason: //Moved SMTP issue to https://www.linuxquestions.org/questions/linux-software-2/smtp-issue-4175537871/
 
Old 03-23-2015, 08:55 PM   #7
A Gallina
LQ Newbie
 
Registered: Apr 2004
Posts: 25

Original Poster
Rep: Reputation: 0
What should I do next to fix this?
 
Old 03-26-2015, 01:45 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by A Gallina
What should I do next
Explain, I think. Because I said that if you have verified your configuration files are correct there is no need to post them?.. Besides I hinted twice now at checking snort's "-T" output and using syslog with Barnyard2 which you have not addressed.
 
1 members found this post helpful.
Old 03-26-2015, 03:49 PM   #9
A Gallina
LQ Newbie
 
Registered: Apr 2004
Posts: 25

Original Poster
Rep: Reputation: 0
Thank you unSpawn.
Snort runs fine with the -T. Seems Barnyard won't log to syslog. I tried by activating output alert_syslog, and output alert_syslog: LOG_AUTH LOG_INFO. Neither would give me output to syslog. Is that what you were suggesting for me to do? Did I miss anything? I tried a scan on myself too with nmap. Not sure what to try next, or how to do it. Suggestions will be greatly appreciated. Thank you unSpawn.
 
Old 03-29-2015, 05:26 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by A Gallina
Seems Barnyard won't log to syslog. I tried by activating output alert_syslog, and output alert_syslog: LOG_AUTH LOG_INFO. Neither would give me output to syslog. Is that what you were suggesting for me to do?
Yes. Try this with respect to Barnyard2 syslog syntax.
 
1 members found this post helpful.
Old 03-29-2015, 12:57 PM   #11
A Gallina
LQ Newbie
 
Registered: Apr 2004
Posts: 25

Original Poster
Rep: Reputation: 0
Thank you unSpawn.
Barnyard2 seems to be stopping with a fatal error. But it is logging to syslog now. That's how I could see this.
Code:
Mar 29 10:38:39 zina-desktop barnyard2[3886]:         --== Initializing Barnyard2 ==--
Mar 29 10:38:39 zina-desktop barnyard2[3886]: Initializing Input Plugins!
Mar 29 10:38:39 zina-desktop barnyard2[3886]: Initializing Output Plugins!
Mar 29 10:38:39 zina-desktop barnyard2[3886]: Parsing config file "/etc/snort/barnyard.conf"
Mar 29 10:38:39 zina-desktop barnyard2[3886]: #012#012+[ Signature Suppress list ]+#012----------------------------
Mar 29 10:38:39 zina-desktop barnyard2[3886]: +[No entry in Signature Suppress List]+
Mar 29 10:38:39 zina-desktop barnyard2[3886]: ----------------------------#012+[ Signature Suppress list ]+#012
Mar 29 10:38:39 zina-desktop barnyard2[3886]: Barnyard2 spooler: Event cache size set to [2048] 
Mar 29 10:38:39 zina-desktop barnyard2[3886]: FATAL ERROR: Stat check on log dir (/var/log/snort/eth0) failed: No such file or directory.
Mar 29 10:38:39 zina-desktop barnyard2[3886]: Barnyard2 exiting
Mar 29 10:38:39 zina-desktop barnyard2[3886]: ===============================================================================
Not sure where it is getting the input to check /var/log/snort/eth0
"Mar 29 10:38:39 zina-desktop barnyard2[3886]: FATAL ERROR: Stat check on log dir (/var/log/snort/eth0)"
There is a /var/log/snort/ but it has the waldo files there and active u2 files. No file named eth0.
I figured it had to be getting this setting from the barnyard config file, but couldn't see it there.
 
Old 03-29-2015, 05:20 PM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Looks like barnyard2 gets started with "-d /var/log/snort/eth0". While barnyard2 is running run 'pgrep -lf barnyard2;' to catch command line args or check your init script. Or else just 'install -m 0750 -o snort -g snort -d /var/log/snort/eth0/archive;'. *Note please adjust -o and -g ownership to match the account Snort/Barnyard2 runs under and also note the "/archive" is due to barnyard2 maybe running with also "-a /var/log/snort/eth0/archive".
 
1 members found this post helpful.
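An added example, not part of the thread: one way to carry out the check described in the reply above, reading a barnyard2 process's full argument list from /proc/<pid>/cmdline and testing that every directory it was started with exists. It covers -d and -a from the reply plus -l (barnyard2's log-directory option); the function names and the constructed demo argv are assumptions of this example.

```shell
#!/bin/sh
# check_barnyard2_cmdline FILE
#   FILE is a NUL-separated argv in the format of /proc/<pid>/cmdline.
#   Prints the config file (-c) and, for each directory option, whether the
#   directory exists. Returns 1 if any directory is missing.
check_barnyard2_cmdline() {
  cb_args=$(tr '\0' '\n' < "$1")   # one argument per line
  cb_prev=""
  cb_rc=0
  while IFS= read -r cb_arg; do
    case $cb_prev in
      -c) echo "-c $cb_arg" ;;
      -d|-a|-l)
        if [ -d "$cb_arg" ]; then
          echo "$cb_prev $cb_arg ok"
        else
          echo "$cb_prev $cb_arg MISSING"
          cb_rc=1
        fi ;;
    esac
    cb_prev=$cb_arg
  done <<EOF
$cb_args
EOF
  return "$cb_rc"
}

# Constructed demo: an argv whose -d directory was never created.
# Live use on Linux:
#   for p in $(pgrep -x barnyard2); do check_barnyard2_cmdline "/proc/$p/cmdline"; done
demo_missing_dir() {
  dm_tmp=$(mktemp -d)
  printf 'barnyard2\0-c\0/etc/snort/barnyard.conf\0-d\0%s/eth0\0-D\0' "$dm_tmp" > "$dm_tmp/cmdline"
  check_barnyard2_cmdline "$dm_tmp/cmdline"
  dm_rc=$?
  rm -rf "$dm_tmp"
  return "$dm_rc"
}

demo_missing_dir || echo "at least one directory argument does not exist"
```

Reading /proc directly shows the arguments even where `pgrep -lf` prints only the process name.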
Old 03-31-2015, 12:05 PM   #13
A Gallina
LQ Newbie
 
Registered: Apr 2004
Posts: 25

Original Poster
Rep: Reputation: 0
Hello, pgrep returns this:
Code:
zina@zina-desktop:~$ pgrep -lf barnyard2
3680 barnyard2
How would I check my init script, please?
Also, upon a closer look at my syslog,
it appears as if two instances of barnyard2 are running. The first one appears to be correct while the second crashes.
Code:
Mar 31 09:50:37 zina-desktop snort[3646]:         --== Initialization Complete ==--
Mar 31 09:50:37 zina-desktop snort[3646]: Commencing packet processing (pid=3646)
Mar 31 09:50:37 zina-desktop barnyard2[3679]: Running in Continuous mode
Mar 31 09:50:37 zina-desktop barnyard2[3679]: 
Mar 31 09:50:37 zina-desktop barnyard2[3679]:         --== Initializing Barnyard2 ==--
Mar 31 09:50:37 zina-desktop barnyard2[3679]: Initializing Input Plugins!
Mar 31 09:50:37 zina-desktop barnyard2[3679]: Initializing Output Plugins!
Mar 31 09:50:37 zina-desktop barnyard2[3679]: Parsing config file "/etc/snort/barnyard2.conf"
Mar 31 09:50:37 zina-desktop barnyard2[3679]: #012#012+[ Signature Suppress list ]+#012----------------------------
Mar 31 09:50:37 zina-desktop barnyard2[3679]: +[No entry in Signature Suppress List]+
Mar 31 09:50:37 zina-desktop barnyard2[3679]: ----------------------------#012+[ Signature Suppress list ]+#012
Mar 31 09:50:38 zina-desktop barnyard2[3679]: Barnyard2 spooler: Event cache size set to [2048] 
Mar 31 09:50:38 zina-desktop barnyard2[3679]: Log directory = /var/log/barnyard2
Mar 31 09:50:38 zina-desktop snort[3679]: Initializing daemon mode
Mar 31 09:50:38 zina-desktop snort[3680]: Daemon initialized, signaled parent pid: 3679
Mar 31 09:50:38 zina-desktop snort[3680]: PID path stat checked out ok, PID path set to /var/run/
Mar 31 09:50:38 zina-desktop snort[3680]: Writing PID "3680" to file "/var/run//barnyard2_NULL.pid"
Mar 31 09:50:38 zina-desktop snort[3680]: 
Mar 31 09:50:38 zina-desktop snort[3680]:         --== Initialization Complete ==--
Mar 31 09:50:38 zina-desktop snort[3680]: Barnyard2 initialization completed successfully (pid=3680)
Mar 31 09:50:38 zina-desktop snort[3679]: Daemon parent exiting
Mar 31 09:50:38 zina-desktop snort[3680]: Using waldo file '/var/log/snort/barnyard2.waldo':#012    spool directory = /var/log/snort#012    spool filebase  = snort.log#012    time_stamp      = 1427477973#012    record_idx      = 0
Mar 31 09:50:38 zina-desktop snort[3680]: Processing new records only.
Mar 31 09:50:38 zina-desktop snort[3680]: Skipping file: /var/log/snort/snort.log.1427477973
Mar 31 09:50:38 zina-desktop snort[3680]: Opened spool file '/var/log/snort/snort.log.1427477973'
Mar 31 09:50:38 zina-desktop snort[3680]: Skipped 0 old records
Mar 31 09:50:38 zina-desktop snort[3680]: Waiting for new data
Mar 31 09:50:39 zina-desktop barnyard2[3910]: Running in Continuous mode
Mar 31 09:50:39 zina-desktop barnyard2[3910]: 
Mar 31 09:50:39 zina-desktop barnyard2[3910]:         --== Initializing Barnyard2 ==--
Mar 31 09:50:39 zina-desktop barnyard2[3910]: Initializing Input Plugins!
Mar 31 09:50:39 zina-desktop barnyard2[3910]: Initializing Output Plugins!
Mar 31 09:50:39 zina-desktop barnyard2[3910]: Parsing config file "/etc/snort/barnyard.conf"
Mar 31 09:50:39 zina-desktop barnyard2[3910]: #012#012+[ Signature Suppress list ]+#012----------------------------
Mar 31 09:50:39 zina-desktop barnyard2[3910]: +[No entry in Signature Suppress List]+
Mar 31 09:50:39 zina-desktop barnyard2[3910]: ----------------------------#012+[ Signature Suppress list ]+#012
Mar 31 09:50:40 zina-desktop barnyard2[3910]: Barnyard2 spooler: Event cache size set to [2048] 
Mar 31 09:50:40 zina-desktop barnyard2[3910]: FATAL ERROR: Stat check on log dir (/var/log/snort/eth0) failed: No such file or directory.
Mar 31 09:50:40 zina-desktop barnyard2[3910]: Barnyard2 exiting
Mar 31 09:50:40 zina-desktop barnyard2[3910]: ===============================================================================
Mar 31 09:50:40 zina-desktop barnyard2[3910]: Record Totals:
Mar 31 09:50:40 zina-desktop barnyard2[3910]:    Records:           0
Mar 31 09:50:40 zina-desktop barnyard2[3910]:    Events:           0 (0.000%)
Mar 31 09:50:40 zina-desktop barnyard2[3910]:    Packets:           0 (0.000%)
Mar 31 09:50:40 zina-desktop barnyard2[3910]:    Unknown:           0 (0.000%)
Mar 31 09:50:40 zina-desktop barnyard2[3910]:    Suppressed:           0 (0.000%)
Mar 31 09:50:40 zina-desktop barnyard2[3910]: ===============================================================================

Last edited by A Gallina; 03-31-2015 at 12:29 PM.
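An added example, not part of the thread: the syslog excerpt in the post above interleaves two barnyard2 start-ups, and this awk filter groups the lines by PID so the config file each instance parsed and any fatal error sit side by side. The sample lines are constructed from that excerpt; the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample: a few syslog lines modelled on the excerpt quoted above.
sample_log() {
cat <<'EOF'
Mar 31 09:50:37 zina-desktop barnyard2[3679]: Parsing config file "/etc/snort/barnyard2.conf"
Mar 31 09:50:38 zina-desktop barnyard2[3679]: Log directory = /var/log/barnyard2
Mar 31 09:50:38 zina-desktop snort[3680]: Daemon initialized, signaled parent pid: 3679
Mar 31 09:50:38 zina-desktop snort[3680]: Barnyard2 initialization completed successfully (pid=3680)
Mar 31 09:50:39 zina-desktop barnyard2[3910]: Parsing config file "/etc/snort/barnyard.conf"
Mar 31 09:50:40 zina-desktop barnyard2[3910]: FATAL ERROR: Stat check on log dir (/var/log/snort/eth0) failed: No such file or directory.
Mar 31 09:50:40 zina-desktop barnyard2[3910]: Barnyard2 exiting
EOF
}

# summarize_barnyard2: syslog text on stdin, one summary line per barnyard2
# start-up on stdout, in order of first appearance.
summarize_barnyard2() {
  awk '
    # Lines logged under the barnyard2 tag: the foreground start-up phase.
    match($0, /barnyard2\[[0-9]+\]:/) {
      pid = substr($0, RSTART + 10, RLENGTH - 12)
      msg = substr($0, RSTART + RLENGTH + 1)
      if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
      if (msg ~ /^Parsing config file/) { split(msg, q, "\""); conf[pid] = q[2] }
      if (msg ~ /^FATAL ERROR: /)       { fatal[pid] = substr(msg, 14) }
      next
    }
    # After daemonizing, the child in the quoted log reports under the snort tag.
    match($0, /snort\[[0-9]+\]:/) {
      child = substr($0, RSTART + 6, RLENGTH - 8)
      msg = substr($0, RSTART + RLENGTH + 1)
      if (msg ~ /^Daemon initialized, signaled parent pid: [0-9]+/) { kid[$NF] = child }
      if (msg ~ /^Barnyard2 initialization completed successfully/) { ready[child] = 1 }
    }
    END {
      for (i = 1; i <= n; i++) {
        p = order[i]
        c = (p in conf) ? conf[p] : "?"
        if (p in fatal)
          printf "pid=%s config=%s status=fatal error=%s\n", p, c, fatal[p]
        else if ((p in kid) && (kid[p] in ready))
          printf "pid=%s config=%s status=running daemon_pid=%s\n", p, c, kid[p]
        else
          printf "pid=%s config=%s status=unknown\n", p, c
      }
    }
  '
}

sample_log | summarize_barnyard2
```

On a live system, feed it the real log instead of the sample, for example `summarize_barnyard2 < /var/log/syslog`.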
 
Old 04-03-2015, 09:02 PM   #14
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Apologies for late reply. Got caught up doing stuff as usual.

Quote:
Originally Posted by A Gallina
How would I check my init script, please?
Hmm. That kind of depends. If you install packages from source they may (or may not) provide an init script. Another indication may be how you run your application. If you don't prefix the application's name with systemctl, service or /etc/init.d/ then you may not have (or use) an init script. You could try to find it with commands like 'locate barnyard|grep etc/;' or 'find /etc -iname barnyard\*;'. Else maybe create one yourself: https://help.ubuntu.com/community/UbuntuBootupHowto


Quote:
Originally Posted by A Gallina
Also, upon a closer look at my syslog,
it appears as if two instances of barnyard2 are running. The first one appears to be correct while the second crashes.
I saw that but I have no idea what's causing it.

Anyway, I'll be setting up a Snort node next week (CentOS though), until then I suggest you best retrace your steps, redo all installation and configuration steps.
 
Old 04-11-2015, 04:33 AM   #15
A Gallina
LQ Newbie
 
Registered: Apr 2004
Posts: 25

Original Poster
Rep: Reputation: 0
Thank you unSpawn

I ran this as requested from a terminal: 'install -m 0750 -o snort -g snort -d /var/log/snort/eth0/archive;'

And I am now getting this out of syslog, after doing that.

Code:
Apr 10 20:58:49 zina-desktop barnyard2[2812]:         --== Initializing Barnyard2 ==--
Apr 10 20:58:49 zina-desktop barnyard2[2812]: Initializing Input Plugins!
Apr 10 20:58:49 zina-desktop barnyard2[2812]: Initializing Output Plugins!
Apr 10 20:58:49 zina-desktop barnyard2[2812]: Parsing config file "/etc/snort/barnyard2.conf"
Apr 10 20:58:49 zina-desktop barnyard2[2812]: #012#012+[ Signature Suppress list ]+#012----------------------------
Apr 10 20:58:49 zina-desktop barnyard2[2812]: +[No entry in Signature Suppress List]+
Apr 10 20:58:49 zina-desktop barnyard2[2812]: ----------------------------#012+[ Signature Suppress list ]+#012
Apr 10 20:58:49 zina-desktop barnyard2[2812]: Barnyard2 spooler: Event cache size set to [2048] 
Apr 10 20:58:49 zina-desktop barnyard2[2812]: Log directory = /var/log/barnyard2
Apr 10 20:58:49 zina-desktop snort[2812]: Initializing daemon mode
Apr 10 20:58:49 zina-desktop snort[2813]: Daemon initialized, signaled parent pid: 2812
Apr 10 20:58:49 zina-desktop snort[2813]: PID path stat checked out ok, PID path set to /var/run/
Apr 10 20:58:49 zina-desktop snort[2813]: Writing PID "2813" to file "/var/run//barnyard2_NULL.pid"
Apr 10 20:58:49 zina-desktop snort[2813]: 
Apr 10 20:58:49 zina-desktop snort[2813]:         --== Initialization Complete ==--
Apr 10 20:58:49 zina-desktop snort[2813]: Barnyard2 initialization completed successfully (pid=2813)
Apr 10 20:58:49 zina-desktop snort[2812]: Daemon parent exiting
Apr 10 20:58:49 zina-desktop snort[2813]: Using waldo file '/var/log/snort/barnyard2.waldo':#012    spool directory = /var/log/snort#012    spool filebase  = snort.log#012    time_stamp      = 1427477973#012    record_idx      = 0
Apr 10 20:58:49 zina-desktop snort[2813]: Processing new records only.
Apr 10 20:58:49 zina-desktop snort[2813]: Skipping file: /var/log/snort/snort.log.1427477973
Apr 10 20:58:49 zina-desktop snort[2813]: Opened spool file '/var/log/snort/snort.log.1427477973'
Apr 10 20:58:49 zina-desktop snort[2813]: Skipped 0 old records
Apr 10 20:58:49 zina-desktop snort[2813]: Waiting for new data
Apr 10 20:58:51 zina-desktop barnyard2[3062]: Running in Continuous mode
Apr 10 20:58:51 zina-desktop barnyard2[3062]: 
Apr 10 20:58:51 zina-desktop barnyard2[3062]:         --== Initializing Barnyard2 ==--
Apr 10 20:58:51 zina-desktop barnyard2[3062]: Initializing Input Plugins!
Apr 10 20:58:51 zina-desktop barnyard2[3062]: Initializing Output Plugins!
Apr 10 20:58:51 zina-desktop barnyard2[3062]: Parsing config file "/etc/snort/barnyard.conf"
Apr 10 20:58:51 zina-desktop barnyard2[3062]: #012#012+[ Signature Suppress list ]+#012----------------------------
Apr 10 20:58:51 zina-desktop barnyard2[3062]: +[No entry in Signature Suppress List]+
Apr 10 20:58:51 zina-desktop barnyard2[3062]: ----------------------------#012+[ Signature Suppress list ]+#012
Apr 10 20:58:51 zina-desktop barnyard2[3062]: Barnyard2 spooler: Event cache size set to [2048] 
Apr 10 20:58:51 zina-desktop barnyard2[3062]: Log directory = /var/log/snort/eth0
Apr 10 20:58:51 zina-desktop snort[3062]: Initializing daemon mode
Apr 10 20:58:51 zina-desktop snort[3063]: Daemon initialized, signaled parent pid: 3062
Apr 10 20:58:51 zina-desktop snort[3063]: PID path stat checked out ok, PID path set to /var/run/
Apr 10 20:58:51 zina-desktop snort[3063]: FATAL ERROR: Failed to Lock PID File "/var/run//barnyard2_NULL.pid" for PID "3063"
Apr 10 20:58:51 zina-desktop snort[3063]: Barnyard2 exiting
Apr 10 20:58:51 zina-desktop barnyard2[3063]: ===============================================================================
Apr 10 20:58:51 zina-desktop barnyard2[3063]: Record Totals:
Apr 10 20:58:51 zina-desktop barnyard2[3063]:    Records:           0
Apr 10 20:58:51 zina-desktop barnyard2[3063]:    Events:           0 (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:    Packets:           0 (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:    Unknown:           0 (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:    Suppressed:           0 (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]: ===============================================================================
Apr 10 20:58:51 zina-desktop barnyard2[3063]: Packet breakdown by protocol (includes rebuilt packets):
Apr 10 20:58:51 zina-desktop barnyard2[3063]:       ETH: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:   ETHdisc: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:      VLAN: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:      IPV6: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:   IP6 EXT: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:   IP6opts: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:   IP6disc: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:       IP4: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:   IP4disc: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:     TCP 6: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:     UDP 6: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:     ICMP6: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:   ICMP-IP: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:       TCP: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:       UDP: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:      ICMP: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:   TCPdisc: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:   UDPdisc: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:   ICMPdis: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:      FRAG: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:    FRAG 6: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:       ARP: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:     EAPOL: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:   ETHLOOP: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:       IPX: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:     OTHER: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:   DISCARD: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]: InvChkSum: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:    S5 G 1: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:    S5 G 2: 0          (0.000%)
Apr 10 20:58:51 zina-desktop barnyard2[3063]:     Total: 0         
Apr 10 20:58:51 zina-desktop barnyard2[3063]: ===============================================================================
Apr 10 20:58:51 zina-desktop snort[3062]: Daemon parent exiting
Apr 10 20:58:51 zina-desktop kernel: [   77.766479] init: plymouth-stop pre-start process (3085) terminated with status 1

So I then ran as requested from a terminal.

zina@zina-desktop:~$ locate barnyard|grep etc/;

/etc/default/barnyard2
/etc/default/barnyard2~
/etc/init.d/barnyard2
/etc/init.d/runbarnyard2
/etc/rc0.d/K00runbarnyard2
/etc/rc0.d/K98barnyard2
/etc/rc1.d/K00runbarnyard2
/etc/rc1.d/K98barnyard2
/etc/rc2.d/S21runbarnyard2
/etc/rc2.d/S98barnyard2
/etc/rc3.d/S21runbarnyard2
/etc/rc3.d/S98barnyard2
/etc/rc4.d/S21runbarnyard2
/etc/rc4.d/S98barnyard2
/etc/rc5.d/S21runbarnyard2
/etc/rc5.d/S98barnyard2
/etc/rc6.d/K00runbarnyard2
/etc/rc6.d/K98barnyard2

/etc/init.d/barnyard2 looks like this.
Code:
#!/bin/sh
#
# Init file for Barnyard2
#
#
# chkconfig: 2345 40 60
# description:  Barnyard2 is an output processor for snort.
#
# processname: barnyard2
# config: /etc/sysconfig/barnyard2
# config: /etc/snort/barnyard.conf
# pidfile: /var/lock/subsys/barnyard2.pid


[ -x /usr/sbin/snort ] || exit 1
[ -r /etc/snort/snort.conf ] || exit 1

### Default variables
SYSCONFIG="/etc/default/barnyard2"

### Read configuration
[ -r "$SYSCONFIG" ] && . "$SYSCONFIG"

RETVAL=0
prog="barnyard2"
desc="Snort Output Processor"

start() {
       echo -n $"Starting $desc ($prog): "
       for INT in $INTERFACES; do
               PIDFILE="/var/lock/barnyard2-$INT.pid"
               ARCHIVEDIR="$SNORTDIR/$INT/archive"
               WALDO_FILE="$SNORTDIR/$INT/barnyard2.waldo"
               BARNYARD_OPTS="-D -c $CONF -d $SNORTDIR/${INT} -w $WALDO_FILE -l $SNORTDIR/${INT} -a $ARCHIVEDIR -f $LOG_FILE -X $PIDFILE $EXTRA_ARGS"
               $prog $BARNYARD_OPTS
       done
       RETVAL=$?
       echo
       [ $RETVAL -eq 0 ] && touch /var/lock/$prog
       return $RETVAL
}

stop() {
       echo -n $"Shutting down $desc ($prog): "
       killall $prog
       RETVAL=$?
       echo
       [ $RETVAL -eq 0 ] && rm -f /var/lock/$prog
       return $RETVAL
}

restart() {
       stop
       start
}


reload() {
       echo -n $"Reloading $desc ($prog): "
       killall $prog -HUP
       RETVAL=$?
       echo
       return $RETVAL
}


case "$1" in
 start)
       start
       ;;
 stop)
       stop
       ;;
 restart)
       restart
       ;;
 reload)
       reload
       ;;
 condrestart)
       [ -e /var/lock/$prog ] && restart
       RETVAL=$?
       ;;
 status)
       status $prog
       RETVAL=$?
       ;;
dump)
       dump
       ;;
 *)
       echo $"Usage: $0 {start|stop|restart|reload|condrestart|status|dump}"
       RETVAL=1
esac

exit $RETVAL

And /etc/init.d/runbarnyard2 looks like this

Code:
 #!/bin/sh

case $1 in
    start)
        echo "Starting Barnyard2"
        sudo bash -c "barnyard2 -D -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -n"
        echo 'Barnyard2 started.'
    ;;
    stop)
        echo "Stopping Barnyard2"
        sudo killall barnyard2
        echo 'Barnyard2 stopped.'
    ;;
    restart)
        $0 stop

        sleep 4
        $0 start
    ;;
    *)
        echo "usage: $0 (start|stop|restart)"
    ;;
esac

exit 0

Please get back to me on this. Meanwhile, to the best of my ability, I am retracing steps and scouring the web for answers.

Thank you.
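
Added example, not part of any poster's message and not Barnyard2 project code: a Python sketch that groups syslog lines like those quoted above by barnyard2 start-up, following the parent-to-child PID hand-off when the daemon forks (after which its syslog tag reads `snort`), and reports which config each start read and whether one start failed to lock a PID file another had written. The sample is an excerpt of the syslog in the post; the function and field names are hypothetical, and the parser assumes a single-boot excerpt in which PIDs are not reused.

```python
import re

# Excerpt of the syslog posted above (named[] lines and zeroed statistics omitted).
SAMPLE_SYSLOG = '''\
Apr 10 20:58:49 zina-desktop barnyard2[2812]: Parsing config file "/etc/snort/barnyard2.conf"
Apr 10 20:58:49 zina-desktop barnyard2[2812]: Log directory = /var/log/barnyard2
Apr 10 20:58:49 zina-desktop snort[2812]: Initializing daemon mode
Apr 10 20:58:49 zina-desktop snort[2813]: Daemon initialized, signaled parent pid: 2812
Apr 10 20:58:49 zina-desktop snort[2813]: Writing PID "2813" to file "/var/run//barnyard2_NULL.pid"
Apr 10 20:58:49 zina-desktop snort[2813]: Barnyard2 initialization completed successfully (pid=2813)
Apr 10 20:58:49 zina-desktop snort[2813]: Waiting for new data
Apr 10 20:58:51 zina-desktop barnyard2[3062]: Parsing config file "/etc/snort/barnyard.conf"
Apr 10 20:58:51 zina-desktop barnyard2[3062]: Log directory = /var/log/snort/eth0
Apr 10 20:58:51 zina-desktop snort[3062]: Initializing daemon mode
Apr 10 20:58:51 zina-desktop snort[3063]: Daemon initialized, signaled parent pid: 3062
Apr 10 20:58:51 zina-desktop snort[3063]: FATAL ERROR: Failed to Lock PID File "/var/run//barnyard2_NULL.pid" for PID "3063"
Apr 10 20:58:51 zina-desktop snort[3063]: Barnyard2 exiting
'''

# "Mon DD HH:MM:SS host tag[pid]: message"
SYSLOG_RE = re.compile(
    r'^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([\w.-]+)\[(\d+)\]:\s?(.*)$')
PARENT_RE = re.compile(r'signaled parent pid: (\d+)')
FIELDS = {
    "config": re.compile(r'Parsing config file "([^"]+)"'),
    "log_dir": re.compile(r'Log directory = (\S+)'),
    "pid_file": re.compile(r'Writing PID "\d+" to file "([^"]+)"'),
    "lock_failed": re.compile(r'Failed to Lock PID File "([^"]+)"'),
    "fatal": re.compile(r'FATAL ERROR: (.*)'),
}


def parse_instances(text):
    """Return one dict per barnyard2 start-up, in log order."""
    instances = []
    owner = {}  # pid -> the instance dict that pid belongs to
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        stamp, _host, tag, pid, msg = m.groups()
        pid = int(pid)
        # A previously unseen PID logging under the barnyard2 tag is a new start.
        if tag == "barnyard2" and pid not in owner:
            inst = {"first_seen": stamp, "pids": [pid], "started": False}
            instances.append(inst)
            owner[pid] = inst
        # The forked child names its parent; attach it to the same start.
        link = PARENT_RE.search(msg)
        if link and pid not in owner and int(link.group(1)) in owner:
            inst = owner[int(link.group(1))]
            inst["pids"].append(pid)
            owner[pid] = inst
        inst = owner.get(pid)
        if inst is None:
            continue  # the real snort sensor or an unrelated daemon
        for key, rx in FIELDS.items():
            hit = rx.search(msg)
            if hit:
                inst.setdefault(key, hit.group(1))
        if "initialization completed successfully" in msg:
            inst["started"] = True
    return instances


def pid_file_conflicts(instances):
    """Pair each failed PID-file lock with the start that wrote that file."""
    holders = {i["pid_file"]: i for i in instances if "pid_file" in i}
    conflicts = []
    for inst in instances:
        path = inst.get("lock_failed")
        if path in holders and holders[path] is not inst:
            conflicts.append((path, holders[path], inst))
    return conflicts


if __name__ == "__main__":
    found = parse_instances(SAMPLE_SYSLOG)
    for n, inst in enumerate(found, 1):
        state = "running" if inst["started"] else "exited: " + inst.get("fatal", "?")
        print(f"start {n} at {inst['first_seen']} pids={inst['pids']} "
              f"config={inst.get('config')} log_dir={inst.get('log_dir')} -> {state}")
    for path, holder, loser in pid_file_conflicts(found):
        print(f"PID file {path}: held by pids {holder['pids']}, "
              f"lock refused to pids {loser['pids']}")
```

On the excerpt it reports two starts two seconds apart: the first reads /etc/snort/barnyard2.conf (the path passed in runbarnyard2) and keeps running, while the second reads /etc/snort/barnyard.conf with log directory /var/log/snort/eth0 and exits because it cannot lock the PID file the first start wrote.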
 
  

