[Bro] barnyard2's error: "Unknown output plugin: "alert_bro" " (snort + barnyard2 + bro)

zhiquan lai laizhiquan at gmail.com
Thu Apr 12 07:51:47 PDT 2012


Hi,

I'm trying barnyard2-1.9 to send snort alerts as events to a bro instance.

When building barnyard2, everything looks OK.
(For successfully compiling spo_alert_bro.c, I deleted the "#ifdef
BROCCOLI" statement in spo_alert_bro.c, and added the dir of broccoli.h to
INCLUDE)

*However*, when barnyard2 started up, the "alert_bro" plugin cannot be found :(

What's wrong with this? Any answer is appreciated.

Thanks,
Quan

These are the details when compiling and running:

*[root at sneat barnyard2-1.9]# make*

......(omit something)

make[3]: Entering directory
`/res/workspace/bro/barnyard2-1.9/src/output-plugins'
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil *-I/usr/local/bro/include
*   -g -O2 -fno-strict-aliasing -Wall -c spo_alert_bro.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil
-I/usr/local/bro/include    -g -O2 -fno-strict-aliasing -Wall -c
spo_alert_cef.c

......(omit something)

rm -f libspo.a
ar cru libspo.a spo_alert_arubaaction.o *spo_alert_bro.o* spo_alert_cef.o
spo_alert_csv.o spo_alert_fast.o spo_alert_full.o spo_alert_prelude.o
spo_alert_syslog.o spo_alert_test.o spo_alert_unixsock.o spo_common.o
spo_log_ascii.o spo_log_null.o spo_log_tcpdump.o spo_platypus.o spo_sguil.o
spo_database.o
ranlib libspo.a

......(omit something)

/bin/sh ../libtool --tag=CC   --mode=link gcc  -g -O2 -fno-strict-aliasing
-Wall   -o *barnyard2* barnyard2.o debug.o decode.o log.o log_text.o map.o
mstring.o parser.o plugbase.o spooler.o strlcatu.o strlcpyu.o util.o
output-plugins/libspo.a input-plugins/libspi.a sfutil/libsfutil.a -lpcap
-lnsl -lm -lm
libtool: link: gcc -g -O2 -fno-strict-aliasing -Wall -o barnyard2
barnyard2.o debug.o decode.o log.o log_text.o map.o mstring.o parser.o
plugbase.o spooler.o strlcatu.o strlcpyu.o util.o  output-plugins/libspo.a
input-plugins/libspi.a sfutil/libsfutil.a -lpcap -lnsl -lm



*[root at sneat barnyard2-1.9]# ./src/barnyard2 -c
/usr/local/etc/barnyard2.conf -d /var/log/snort/ -f
/var/log/snort/merged.log -w /var/log/snort/snort.waldo*
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/usr/local/etc/barnyard2.conf"
Log directory = /var/log/barnyard2
*ERROR: /usr/local/etc/barnyard2.conf(204) Unknown output plugin:
"alert_bro"*
Fatal Error, Quitting..