barnyard2 continuous mode fails to see new logs #60

Closed
bala150985 opened this Issue Dec 26, 2012 · 1 comment


@bala150985

Hi

I am using the latest build of barnyard, Version 2.1.11 (Build 317). When I used batch mode to process the unified2 logs of snort, I could see that barnyard2 processes them very well. However, when I try to process the same via continuous mode, it fails to recognize the new unified2 log file which snort creates.

@bala150985

Sorry, it was my mistake: when I ran in continuous mode I added an asterisk to the file name, like -f merged.log.*. I had to open the spooler.c file to figure it out. The comments in that file between lines 70 and 80 showed where I was going wrong.

From spooler.c

```c
/* Find the next spool file timestamp extension with a value equal to or
 * greater than timet.  If extension != NULL, the extension will be
 * returned.
 *
 * @retval 0    file found
 * @retval -1   error
 * @retval 1    no file found
 *
 * Bugs:  This function presumes a 1 character delimeter between the base
 * filename and the extension
 */
```
@bala150985 bala150985 closed this Dec 26, 2012
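The lookup that comment describes, sketched as an added example (not barnyard2's own spooler.c code) to show why `-f merged.log.*` finds no spool file while `-f merged.log` does. The function name `find_next_extension`, the array-based directory listing, the sample file names and the literal prefix comparison are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not barnyard2's spooler.c. Scans a directory listing
 * for the lowest timestamp extension >= timet.
 * Returns 0 = file found, 1 = no file found, -1 = error. */
static int find_next_extension(const char *const *names, size_t count,
                               const char *base, unsigned long timet,
                               unsigned long *extension)
{
    size_t base_len, i;
    unsigned long best = 0;
    int found = 0;

    if (names == NULL || base == NULL || base[0] == '\0')
        return -1;
    base_len = strlen(base);
    for (i = 0; i < count; i++) {
        const char *digits;
        char *end;
        unsigned long ts;
        /* Assumption: the base filename is compared literally, so a '*'
         * in it is an ordinary character, not a wildcard. */
        if (strncmp(names[i], base, base_len) != 0 || names[i][base_len] == '\0')
            continue;
        digits = names[i] + base_len + 1;   /* skip the 1-character delimiter */
        if (*digits < '0' || *digits > '9')
            continue;
        ts = strtoul(digits, &end, 10);
        if (*end != '\0' || ts < timet)
            continue;
        if (!found || ts < best)
            best = ts;
        found = 1;
    }
    if (found && extension != NULL)
        *extension = best;
    return found ? 0 : 1;
}
/* Constructed listing of a Snort log directory (sample data). */
static const char *const SAMPLE_DIR[] = {
    "merged.log.1356500000", "merged.log.1356503600", "alert", "merged.log"
};
int main(void)
{
    unsigned long ext = 0;
    printf("%d %d\n", find_next_extension(SAMPLE_DIR, 4, "merged.log", 0, &ext),
           find_next_extension(SAMPLE_DIR, 4, "merged.log.*", 0, &ext));
    return 0;
}
```

With the base name `merged.log` the sketch returns 0 and the earliest timestamp; with `merged.log.*` it returns 1 (no file found), which in continuous mode looks like the spooler never noticing new logs.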