Hello.
I installed snort, sguil-sensor and barnyard on one of my machines and I
can't start barnyard. Does someone have a running installation and could
tell me the version numbers of all three programs? I suspect that the
version numbers of barnyard and sguil don't fit, i.e. that the sguil
patch on barnyard doesn't work.
The sguil USE flag on barnyard is set.
When I start by command line:
Merkur snort # barnyard -c /etc/snort/barnyard.conf -d /var/lib/sguil/Merkur -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -f snort_unified.log -w /etc/snort/waldo.file -L /var/lib/sguil/Merkur -a /var/lib/sguil/Merkur/archive
Barnyard Version 0.2.0 (Build 32)
WARNING /etc/snort/barnyard.conf (136) => Unrecognized argument for Sguil plugin: mysql
WARNING /etc/snort/barnyard.conf (136) => Unrecognized argument for Sguil plugin: sensor_id 0
WARNING /etc/snort/barnyard.conf (136) => Unrecognized argument for Sguil plugin: database sguildb
WARNING /etc/snort/barnyard.conf (136) => Unrecognized argument for Sguil plugin: server 192.168.6.122
WARNING /etc/snort/barnyard.conf (136) => Unrecognized argument for Sguil plugin: user root
WARNING /etc/snort/barnyard.conf (136) => Unrecognized argument for Sguil plugin: password pass
WARNING /etc/snort/barnyard.conf (136) => Unrecognized argument for Sguil plugin: sguild_host 192.168.7.122
WARNING /etc/snort/barnyard.conf (136) => Unrecognized argument for Sguil plugin: sguild_port 7736
My barnyard.conf:
...
output sguil: mysql, sensor_id 0, database sguildb, server 192.168.6.122, user root, password pass sguild_host 192.168.7.122, sguild_port 7736
Thank you for your help,
Robert Welz
--
gentoo-user@gentoo.org mailing list