[Sguil-users] Sguil - Barnyard weird behaviour
From: CS L. <ge...@gm...> - 2006-04-30 10:45:46
I'm currently trying out sguil from the cvs src tree where PADS is in; however, I can't find anything related when I fetch from the cvs src tree. Scottder has sent me a tarball and I tried it. At first I ran sguil-0.6.1 and everything seemed to be fine, until I changed to using the latest sguil source. I found this weirdness that is hard to tell. It is normal in the CLI, but in the sguil analyst console the Barnyard indication light is red while it is connected to sensor_agent. I define the port for barnyard to connect to the sensor as port 7740. When I check on Barnyard without sending it to the background, I get:

    Barnyard Version 0.2.0 (Build 32)
    Opened spool file '/nsm/snort_data/dissector/snort.log.1146395173'
    Connected to localhost on 7740.

I run the sensor in debug mode and it shows barnyard connected:

    sock9 127.0.0.1 48837
    Sending sguild (sock3) SystemMessage {Barnyard connected via sensor localhost.}
    Sending sguild (sock3) BarnyardInit dissector 1
    Sending sguild (sock3) PING
    Sensor Data Rcvd: PONG
    PONG received
    Checking for PS files in /nsm/snort_data/dissector/portscans.
    Checking for PS files in /nsm/snort_data/dissector/portscans.
    Checking for PS files in /nsm/snort_data/dissector/portscans.

I have no problem at all with sguil-0.6.1, but I only have this problem when using CVS or the tarball that Scottder sent just now. netstat shows a positive result:

    Active Internet connections (including servers)
    Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
    tcp        0      0  127.0.0.1.7740         127.0.0.1.48837        ESTABLISHED
    tcp        0      0  127.0.0.1.48837        127.0.0.1.7740         ESTABLISHED
    tcp        0      0  192.168.0.55.22        192.168.0.250.1420     ESTABLISHED
    tcp        0     52  192.168.0.55.22        192.168.0.250.1414     ESTABLISHED
    tcp        0      0  127.0.0.1.7740         *.*                    LISTEN

--
Best Regards,
CS Lee<geek00L[at]gmail.com>