Ohhhhhkay.

Now the system seems to be registering xl0 interface. Hmmm. I ensured the correct IP was listed in /etc/defaults/rc.conf (don't try this at home, kids! Always use /etc/rc.conf!), moved the riser card and rebooted a couple of times.

Quite odd. I wonder if the whole area isn't prone to electrical funkiness--the power supply is across the machine from the board and that end of the power cable you plug into the computer. There is nothing but a screw between it and the NIC. I ensured earlier it wasn't loose or anything. Very, very strange.

Wish my boss would be cool with actual new hardware instead of new-to-us hardware.

"women who love too much & the interfaces that ignore them"

I'm feeling dull and thick today, like half my blood has been replaced by sugar-free molasses. It's kind of like watching Jerry Springer after eating a tube of toothpaste.

I've got an entry in my /etc/rc.conf file that reads:
ifconfig_xl0="inet 192.168.1.9 netmask 255.255.255.0"

It's almost the same as its counterpart, ifconfig_fxp0--one number and two letters difference, in fact. There don't appear to be typos, and I have Known Good hardware installed on the box.

So why can't I see xl0 when I do an ifconfig? Why does it tell me "ifconfig: interface xl0 does not exist"?

Added "network_interfaces="fxp0 xl0 lo0" to my /etc/rc.conf, to no avail. I've added a line to /etc/defaults/rc.conf that says: 'ifconfig _xl0="inet 192.168.1.9"' and rebooted my machine. Checked /dev/net and did not see an xl0.

I'm looking at this sort of thing under uname -a:
"FreeBSD toybox.company.com 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri jan 12 10:40:27 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

"ifconfig xl0 create" also does not seem to work. The error message ends up being "ifconfig: SIOCIFCREATE: Invalid arguement". I wonder what's wrong...did I just not read the manual closely enough? Does the same action taken in 6.0 not work in 6.2?

Minor issue getting barnyard_start.sh to start

For the last few days, I had been receiving an error when attempting to start the script barnyard_start.sh on a new Sguil sensor. The error was:

'Warning: /usr/local/etc/nsm/barnyard.conf(137) => Unknown output plugin "sguil" referenced, ignoring!Fatal Error, Quitting ..'

I walked away from it for a few days, not quite understanding what it meant, realizing I can sometimes completely misread an error's meaning when I'm stressed. Then I found this: snort forum archive

Interesting! Maybe I could reconfigure Barnyard with the --enable-mysql option as well as the --enable-tcl option. So I tried it.

First time it didn't work. I removed barnyard-0.2.0 from /usr/local/src using "rm -r barnyard-0.2.0". (Be really careful with rm -r! It can wipe your system if you're not careful!) Then I did this: "tar -xvzf barnyard-0.2.0.tar.gz", and tried the "./configure --enable-mysql --enable-tcl --with-tcl=/usr/local/lib/tcl8.4".

It worked! Sguil has successfully been installed and is usable on the unit.

Yes, it's the hardware

Seems to have the same issues with random panics no matter which version of the OS is installed or what packages it's installing.

Bossman is ordering new HDD's for the units. Luckily I've got one or two good ones here to work on, so I won't be so far behind my work flow.