  [Question]   Please help with barnyard2 error: Unable to open waldo file 02/02/2013 14:25:53 (+0700) | #1 | 273275
tuanksor
Member

Joined: 01/11/2011 02:44:03
Messages: 50
I installed Snort + Barnyard2 + BASE with the following settings:

snort-2.9.4-1:
- /etc/snort/snort.conf:
....
output unified2: filename snort.log, limit 128, mpls_event_types, vlan_event_types
....

- /etc/sysconfig/snort:
INTERFACE=eth0
CONF=/etc/snort/snort.conf
USER=snort
GROUP=snort
PASS_FIRST=0
LOGDIR=/var/log/snort
ALERTMODE=fast
DUMP_APP=1
BINARY_LOG=1
NO_PACKET_LOG=0
PRINT_INTERFACE=0
SYSLOG=/var/log/messages
SECS=5

barnyard2-1.9
- /etc/barnyard2/barnyard2.conf
.....
config hostname: localhost
config interface: eth0
config waldo_file: /etc/barnyard2/barnyard2.waldo
input unified2
output alert_fast: stdout
output database: log, mysql, user=root password=123456 dbname=snortdb host=localhost

Snort is running normally and has written alerts to the file /var/log/snort/alert

I run barnyard2:
barnyard2 -c /etc/barnyard2/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/barnyard2/barnyard2.waldo

Result:

..... etc.
WARNING: Unable to open waldo file '/etc/barnyard2/barnyard2.waldo' (No such file or directory)
Opened spool file '/var/log/snort/snort.log.1358752156'
Closing spool file '/var/log/snort/snort.log.1358752156'. Read 0 records
Opened spool file '/var/log/snort/snort.log.1358754263'
Waiting for new data


and barnyard2 does not write anything to the db either,
so BASE does not display anything.

I hope someone can help.
  [Question]   Please help with barnyard2 error: Unable to open waldo file 03/02/2013 20:51:16 (+0700) | #2 | 273293
quanta
Moderator

Joined: 28/07/2006 14:44:21
Messages: 7265
Location: $ locate `whoami`
1. Are you sure that `/etc/barnyard2/barnyard2.waldo` exists?
Code:
ls -l /etc/barnyard2/barnyard2.waldo

2. Which user are you running `barnyard2` as?
Let's build on a great foundation!
  [Question]   Please help with barnyard2 error: Unable to open waldo file 04/02/2013 20:16:21 (+0700) | #3 | 273310
tuanksor
Member

Joined: 01/11/2011 02:44:03
Messages: 50
Hi quanta, I have fixed this error.
The error was reported because the file /etc/barnyard2/barnyard2.waldo did not exist (I thought it would be generated automatically at run time).
Thanks!!
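
The two checks quanta asks for (does the waldo file exist, and can the account running barnyard2 use it) can be scripted as a pre-flight step. This is an added example, not part of the original thread; the function names `waldo_path` and `check_waldo` and their return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for the waldo file
# named in barnyard2.conf. Function names and return codes are hypothetical.
# It reads only the config file; a path given with -w is not considered.

# Print the path from the last active "config waldo_file: <path>" line.
# Commented-out lines (starting with '#') are ignored.
waldo_path() {
    sed -n 's/^[[:space:]]*config[[:space:]]\{1,\}waldo_file:[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1
}

# check_waldo CONF
# Returns: 0 usable, 1 config unreadable, 2 no waldo_file directive,
#          3 parent directory missing, 4 file missing,
#          5 file not readable and writable by the current user.
check_waldo() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read config: $conf" >&2; return 1; }

    waldo=$(waldo_path "$conf")
    [ -n "$waldo" ] || { echo "no 'config waldo_file:' line in $conf" >&2; return 2; }

    dir=$(dirname "$waldo")
    [ -d "$dir" ] || { echo "directory does not exist: $dir" >&2; return 3; }

    # Check 1 from the thread: does the file exist?
    [ -e "$waldo" ] || { echo "waldo file does not exist: $waldo" >&2; return 4; }

    # Check 2 from the thread: can the user running this script use it?
    [ -r "$waldo" ] && [ -w "$waldo" ] || {
        echo "uid $(id -u) cannot read and write: $waldo" >&2
        return 5
    }

    echo "waldo file OK: $waldo (checked as uid $(id -u))"
    return 0
}

# Run the check only when a config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_waldo "$1"
fi
```

Run it as the same account that starts barnyard2, passing the config path as the first argument, so the permission test reflects that user.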