linuxcentoscentos7snortintrusion-detection

barnyard2 for snort permission denied

I installed barnyard2 for snort, but when i run command below this error appear.

[root@localhost snort]# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort/ -f snort.log -w /etc/snort/bylog.waldo /etc/snort/gen-msg.map /etc/snort/sid-msg.map -C /etc/snort/classification.config 
Running in Continuous mode

    --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"


+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048] 
ERROR: Can not get write access to logging directory "/var/log/barnyard2". (directory doesn't exist or permissions are set incorrectly or it is not a directory at all)
Fatal Error, Quitting..
Barnyard2 exiting

and permission is:

[root@localhost snort]# ls -l /var/log/barnyard2 
-rwxrwxrwx. 1 root root 0 Aug 14 16:35 /var/log/barnyard2

in this link this problem was solved but i don't understand how ...
https://forums.freebsd.org/threads/barnyard2-start-service-error.51378/

Solution

  • It looks like directory flag is missing there. The error message says

    ERROR: Can not get write access to logging directory "/var/log/barnyard2". (directory doesn't exist or permissions are set incorrectly or it is not a directory at all)

    Probably the last case of /var/log/barnyard2 being not a directory at all might apply.

    Backup the file and try creating a directory /var/log/barnyard2 with permissions 640 and corresponding ownership.

    EDIT: As long as you do not know the contents of /var/log/barnyard2, rename or move the file to some place ( as root 'mv /var/log/barnyard2 /var/log/barnyard2.old'). Restarting barnyard2 now could help, it might create the directory with appropriate permissions by itself. Otherwise as root type 'mkdir /var/log/barnyard2' and then set permissions by typing 'chmod 640 /var/log/barnyard2'. Additionally check the user under which barnyard2 is running by typing 'ps -u | grep "barnyard2"'. Then find the appropriate group to that user by typing 'groups <user>' and then set the ownership of the directory to the corresponding user by typing 'chown <user>:<group> /var/log/barnyard2'.