Re: snort 2.8.6.0 & barnyard2-1.8 problems

[Eoin Miller <eoin.miller () trojanedbinaries com>]

On 6/9/2010 4:54 PM, JJC wrote:
> What command are you using in your snort.conf to create the unified2 
> file output?
>
> On Wed, Jun 9, 2010 at 9:03 AM, Lawrence R. Hughes, Sr. 
> <lhughes () safemedia com <mailto:lhughes () safemedia com>> wrote:
>
>     Hi,
>     Snort 2.8.6.0 reports to the mysql database without any problems,
>     when we change snort to unified2 output,
>     barnyard2-1.8 connects to the same database, but does not report
>     anything?
>     We get the messages from barnyard: Not IPv4 datagram! ([ver:
>     0x6][len: 0x0])
>     and it discards 100.00% ????
>     Has anyone seen this problem?
>     Thanks,
>     Larry

Yea, its gotta be the type of output from Snort you are specifying. We 
run Snort 2.8.6.0 and Barnyard2 1.8 without any problems. I think I ran 
into something similiar previously when I was specifying multiple output 
types logging to the same directory and then pointed barnyard at it to 
spool from that location. You should just have this type of output 
configuration in your snort.conf:

output unified2: filename filename-unified2.log, limit 1

If you need to specify more types of output, you should put them into 
separate directories. Do you have the default output in the snort.conf 
and then just added the unified2 statement as well? I think I did that 
and had the same error once.

-- Eoin

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users