Re: Snort 2.9.3.1 / Barnyard2 2.1.9 Problem

[beenph <beenph () gmail com>]

On Mon, Aug 20, 2012 at 2:59 AM, Berndt, Achim
<aberndt () studio-hamburg de> wrote:
> Hi,

Greetings Achim,

> I have installed the new version of snort and tried to log to mysql via
> barnyard2.
>
> Unfortunately barnyard2 crashed every time, if it read the merged unified2
> logfile?!
>
> Following message appears in the messages logfile:
>
>
>
> Aug 20 08:56:46 ids1 barnyard2: Log directory = /var/log/barnyard2
>
> Aug 20 08:56:46 ids1 barnyard2: Initializing daemon mode
>
> Aug 20 08:56:46 ids1 barnyard2: Daemon parent exiting
>
> Aug 20 08:56:46 ids1 barnyard2: Daemon initialized, signaled parent pid:
> 20379
>
> Aug 20 08:56:46 ids1 barnyard2: PID path stat checked out ok, PID path set
> to /var/run/
>
> Aug 20 08:56:46 ids1 barnyard2: Writing PID "20382" to file
> "/var/run//barnyard2_eth0.pid"
>
> Aug 20 08:56:47 ids1 barnyard2: database: inconsistent cid information for
> sid=11
>
> Aug 20 08:56:47 ids1 barnyard2:           Recovering by rolling forward the
> cid=1
>
> Aug 20 08:56:47 ids1 barnyard2: database: compiled support for (mysql)
>
> Aug 20 08:56:47 ids1 barnyard2: database: configured to use mysql
>
> Aug 20 08:56:47 ids1 barnyard2: database: schema version = 107
>
> Aug 20 08:56:47 ids1 barnyard2: database:           host = localhost
>
> Aug 20 08:56:47 ids1 barnyard2: database:           user = SnortLogUser
>
> Aug 20 08:56:47 ids1 barnyard2: database:  database name = SnortLog
>
> Aug 20 08:56:47 ids1 barnyard2: database:    sensor name = ids1:eth0
>
> Aug 20 08:56:47 ids1 barnyard2: database:      sensor id = 11
>
> Aug 20 08:56:47 ids1 barnyard2: database:     sensor cid = 2
>
> Aug 20 08:56:47 ids1 barnyard2: database:  data encoding = hex
>
> Aug 20 08:56:47 ids1 barnyard2: database:   detail level = full
>
> Aug 20 08:56:47 ids1 barnyard2: database:     ignore_bpf = no
>
> Aug 20 08:56:47 ids1 barnyard2: database: using the "log" facility
>
> Aug 20 08:56:47 ids1 barnyard2:
>
> Aug 20 08:56:47 ids1 barnyard2:         --== Initialization Complete ==--
>
> Aug 20 08:56:47 ids1 barnyard2: Barnyard2 initialization completed
> successfully (pid=20382)
>
> Aug 20 08:56:47 ids1 barnyard2: Using waldo file
> '/var/log/snort/barnyard2.waldo':#012    spool directory =
> /var/log/snort#012    spool filebase  = snort.unified2#012    time_stamp
> = 1345395953#012    record_idx      = 2
>
> Aug 20 08:56:47 ids1 barnyard2: Opened spool file
> '/var/log/snort/snort.unified2.1345395953'

Which unified2 output mode did you configured in snort?

Did you install barnyard2 from source or from a package?

What is your barnyard2 configuration and barnyard2 command line?

Cheers,

-elz

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!