pikkles1981 Posted December 25, 2017 Report Posted December 25, 2017 C:\Users\Operator>d:\winids\barnyard2\barnyard2.exe -c d:\winids\barnyard2\etc\barnyard2.conf -d d:\winids\snort\log -f merged.log -l d:\winids\barnyard2 -w d:\winids\snort\log\barnyard.waldo -T Running in Test mode --== Initializing Barnyard2 ==-- Initializing Input Plugins! Initializing Output Plugins! Parsing config file "d:\winids\barnyard2\etc\barnyard2.conf" +[ Signature Suppress list ]+ ---------------------------- +[No entry in Signature Suppress List]+ ---------------------------- +[ Signature Suppress list ]+ WARNING: invalid Reference spec 'url,'. Ignored WARNING: invalid Reference spec 'url,'. Ignored WARNING: invalid Reference spec 'url,'. Ignored WARNING: invalid Reference spec 'url,'. Ignored Barnyard2 spooler: Event cache size set to [32768] INFO database: Defaulting Reconnect/Transaction Error limit to 10 INFO database: Defaulting Reconnect sleep time to 5 second .............................................. just seems to go on forever from here... When I open task manager I can see the processes apache, PostgreSQL, and snort are all there but there appears to be no activity.... Quote
Morpheus Posted December 26, 2017 Report Posted December 26, 2017 Attach your barnyard2.conf file. Quote
pikkles1981 Posted December 27, 2017 Author Report Posted December 27, 2017 I decided to do a fresh install removing all associated programs/services and registry entries however I am now unable to start the apache service without errors: I checked error log which is as follows: C:\Users\Operator>d:\winids\apache24\bin\httpd.exe -w (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : AH00072: make_sock: could not bind to address 127.0.0.1:80 AH00451: no listening sockets available, shutting down AH00015: Unable to open logs Note the errors or messages above, and press the <ESC> key to exit. 0.... C:\Users\Operator>d:\winids\apache24\bin\httpd.exe (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : AH00072: make_sock: could not bind to address 127.0.0.1:80 AH00451: no listening sockets available, shutting down AH00015: Unable to open logs I should note that even though I uninstalled apache and its registry entries I received an apache already installed notification... Quote
Morpheus Posted December 27, 2017 Report Posted December 27, 2017 To completely remove Apache2 remove the service using httpd -k uninstall then delete the Apache24 directory, and then look in the services to make sure the service is gone. Looks like something else is using port 80? Quote
pikkles1981 Posted December 28, 2017 Author Report Posted December 28, 2017 I've check the ports and nothing appears to be using port 80 ... ive checked to see if it might be some residual setting from a previous instance of IIS or apache but that doesn't seem to be it.... If you see nothing wrong with these conf files Ill just re-start fresh... php.ini httpd.conf Quote
Morpheus Posted December 28, 2017 Report Posted December 28, 2017 The config files look good. It's usually quicker to start fresh. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.