Snort mailing list archives

Re: Barnyard issue


From: Bhagya Bantwal <bbantwal () sourcefire com>
Date: Tue, 18 Jan 2011 14:43:56 -0500

Dwane,

Record type 110 is the new event we added in Snort 290 to log the XFF IP
and/or GZIP decompressed data. Barnyard needs to be updated to read this
record type.

We have an updated u2spewfoo which reads this record type (along with all
other record types) in the Snort source tree under the tools directory.

-B

On Tue, Jan 18, 2011 at 2:16 PM, Atkins, Dwane P <ATKINSD () uthscsa edu> wrote:

After the weekend, I noticed that once again, my snort processes were not
running. The devices were available and could be accessed, but the Snort
process had stopped.  So I ran the rc.local executable and on one, when it
executed barnyard2, the following error occurred:



Opened spool file '/var/log/snort/snort.u2.1294930780'

ERROR: Unknown record type read: 110

Fatal Error, Quitting..



Why would it say that?  And why does my process stop all the time?


Thanks


Dwane








------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand
malware threats, the impact they can have on your business, and how you
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
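
An added example, not part of the thread and not code from Snort, Barnyard or u2spewfoo: a small reader that walks a Unified2 spool, tallies record types, and skips types it does not know (such as the 110 record discussed above) instead of quitting. It assumes Unified2 framing of an 8-byte big-endian header (type, length) followed by the payload; the type table, function names and sample bytes are constructed for illustration.

```python
import io
import struct
from collections import Counter

# Assumed table of record types a pre-2.9.0 reader understands.
KNOWN_TYPES = {2: "packet", 7: "event (IPv4)", 72: "event (IPv6)",
               104: "event v2 (IPv4)", 105: "event v2 (IPv6)"}
EXTRA_DATA = 110  # the record type named in the error message

def walk_records(stream):
    """Yield (type, length, payload); stop cleanly at a truncated tail."""
    while True:
        header = stream.read(8)
        if len(header) < 8:
            return                      # end of file or partial header
        rtype, length = struct.unpack(">II", header)
        payload = stream.read(length)
        if len(payload) < length:
            return                      # partial record, writer not finished
        yield rtype, length, payload

def summarize(stream, known=KNOWN_TYPES):
    """Count known and unknown record types without aborting on either."""
    seen, unknown = Counter(), Counter()
    for rtype, _length, _payload in walk_records(stream):
        # The length field lets the reader step over a type it cannot decode.
        (seen if rtype in known else unknown)[rtype] += 1
    return seen, unknown

def _record(rtype, payload):
    """Build one framed record for the constructed sample below."""
    return struct.pack(">II", rtype, len(payload)) + payload

# Constructed sample spool: zero-filled payloads, last record cut short.
SAMPLE = (_record(7, b"\x00" * 52) + _record(2, b"\x00" * 28)
          + _record(EXTRA_DATA, b"\x00" * 32)
          + _record(7, b"\x00" * 52)[:20])

if __name__ == "__main__":
    seen, unknown = summarize(io.BytesIO(SAMPLE))
    for rtype, count in sorted(seen.items()):
        print(f"type {rtype:3d} ({KNOWN_TYPES[rtype]}): {count}")
    for rtype, count in sorted(unknown.items()):
        print(f"type {rtype:3d} (unknown to this reader, skipped): {count}")
```

Running the same tally against a real spool file shows whether the sensor is emitting record types that the downstream reader has not been updated for.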
