gen-msg.map missing in Snort rules?

Posted by TheLQ on Server Fault See other posts from Server Fault or by TheLQ
Published on 2011-01-29T05:02:02Z Indexed on 2011/01/29 7:28 UTC
Read the original article Hit count: 921

Filed under:

snort

I am trying to install Snort 2.8.4.1 (only package available in the repos) with Barnyard2 with limited success. I've managed to fix everything but this:

[lordquackstar@quackwall rules]$ sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /etc/snort/barny               Password:
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"
ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such file or directory
ERROR: Stat check on log dir (/var/log/barnyard2) failed: No such file or directory.
Fatal Error, Quitting..

The gen-msg.map error is puzzling me. The rulesets that come with the package do not contain this file. The newish rules I just downloaded from Snort.org for version 2.8.6.1 don't have this file. The only file that looks close is called sid-msg.map, but that's the wrong one.

Where can I obtain this file?

Just in case it matters: The packages come from the ClearOS repositories (OS is based off of CentOS). I'm running CentOS 5.2

Related posts about snort

Snort: not logging anything

as seen on Server Fault - Search for 'Server Fault'
My site seems to be the target of quite a bit of probing over the last few months. In an attempt to get a better handle on this I installed SNORT on one of the machines that has external exposure. Something must not be installed correctly as I see lots of probing in /var/log/messages but snort isn't… >>> More
Snort/Barnyard2 Logging

as seen on Server Fault - Search for 'Server Fault'
I need some help with my Snort/Barnyard2 setup. My goal is to have Snort send unified2 logs to Barnyard2 and then have Barnyard2 send the data to other locations. Here is my currrent setup. OS Scientific Linux 6 Snort Version 2.9.2.3 Barnyard2 Version 2.1.9 Snort command snort -c /etc/snort/snort… >>> More
snort analysis of wireshark capture

as seen on Server Fault - Search for 'Server Fault'
I'm trying to identify trouble users on our network. ntop identifies high traffic and high connection users, but malware doesn't always need high bandwidth to really mess things up. So I am trying to do offline analysis with snort (don't want to burden the router with inline analysis of 20 Mbps… >>> More
Snort's problems in generating alert from Darpa 1998 intrusion detection dataset.

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi. I’m working on DARPA 1998 intrusion detection dataset. When I run snort on this dataset (outside.tcpdump file), snort don’t generate complete list of alerts. It means snort start from last few hours of tcpdump file and generate alerts about this section of file and all of packets in first hours… >>> More
Snort network instruction Mac OS X

as seen on Super User - Search for 'Super User'
I'm trying to learn network intrusion detection. When I try to launch Snort, in IDS mode, I get this message (I'm running Mac OS X): Initializing Network Interface en1 ERROR: OpenPcap() FSM compilation failed: syntax error PCAP command: snort Fatal Error, Quitting.. How can I fix this problem… >>> More

Developer IT