Minor issue getting barnyard_start.sh to start
For the last few days, I had been receiving an error when attempting to start the script barnyard_start.sh on a new Sguil sensor. The error was:
'Warning: /usr/local/etc/nsm/barnyard.conf(137) => Unknown output plugin "sguil" referenced, ignoring!
Fatal Error, Quitting ..'
I walked away from it for a few days, not quite understanding what it meant, realizing I can sometimes completely misread an error's meaning when I'm stressed. Then I found this: snort forum archive
Interesting! Maybe I could reconfigure Barnyard with the --enable-mysql option as well as the --enable-tcl option. So I tried it.
First time it didn't work. I removed barnyard-0.2.0 from /usr/local/src using "rm -r barnyard-0.2.0". (Be really careful with rm -r! It can wipe your system if you're not careful!) Then I did this: "tar -xvzf barnyard-0.2.0.tar.gz", and tried the "./configure --enable-mysql --enable-tcl --with-tcl=/usr/local/lib/tcl8.4".
It worked! Sguil has successfully been installed and is usable on the unit.