Snort mailing list archives
Barnyard issues
From: Gary_Portnoy () itginc com
Date: Wed, 12 May 2004 16:46:34 -0400
I downloaded and configured barnyard 0.2.0 and was hoping to use it to process my unified logs to a mysql server. However, after I finally figured out the correct combination of config file parameters and command line switches to actually get it to run, I get the following error:

Barnyard Version 0.2.0 (Build 32)
Processing: /var/local/snort/unified.log.1084371001
OpAcidDB configured
Database Flavour: mysql
Detail Level: Full
Database Server: database
Database User: user
SensorID: 1
Next CID: 1
ERROR: Invalid packet length: 3632305
ERROR: Input file '//var/local/snort/unified.log.1084371001' is corrupted
Number of records: 0
Exiting

And it does this with any unified.log file I attempt to feed it, just reports different packet lengths.

Here is the command line:

barnyard -c ./barnyard.conf -s ./sid-msg.map -g ./gen-msg.map -p ./classification.config -o -vvv /var/local/snort/unified.log.1084371001

Barnyard.conf has the following things:

config hostname: snortbox
config interface: qfe2
config filter: not port 22
output log_acid_db: mysql, sensor_id 1, database snort ,server database, user user, password password, detail full

Any ideas? I am going to go try mudpit now.

-------------------------------------------
Gary Portnoy