Snort mailing list archives

Re: Snort 2.9.3.1 / Barnyard2 2.1.9 Problem


From: "Berndt, Achim" <aberndt () studio-hamburg de>
Date: Fri, 24 Aug 2012 19:04:12 +0000

Hi elz,

Thanks for your reply.


Which unified2 output mode did you configure in snort?

-> output unified2: filename snort.unified2, limit 128

Did you install barnyard2 from source or from a package?

-> from source (barnyard2-1.9.tar.gz)

What is your barnyard2 configuration and barnyard2 command line?

-> barnyard2 -u snort -g snort -d /var/log/snort -f snort.unified2 -c /etc/snort/barnyard2.conf

Regards
Achim

-----Original Message-----
From: beenph [mailto:beenph () gmail com]
Sent: Monday, 20 August 2012 13:22
To: Berndt, Achim
Cc: snort-users () lists sourceforge net; barnyard2-users () googlegroups com
Subject: Re: [Snort-users] Snort 2.9.3.1 / Barnyard2 2.1.9 Problem

On Mon, Aug 20, 2012 at 2:59 AM, Berndt, Achim <aberndt () studio-hamburg de> wrote:
Hi,

Greetings Achim,

I have installed the new version of snort and tried to log to mysql
via barnyard2.

Unfortunately barnyard2 crashed every time it read the merged
unified2 logfile?!

The following messages appear in the messages logfile:



Aug 20 08:56:46 ids1 barnyard2: Log directory = /var/log/barnyard2
Aug 20 08:56:46 ids1 barnyard2: Initializing daemon mode
Aug 20 08:56:46 ids1 barnyard2: Daemon parent exiting
Aug 20 08:56:46 ids1 barnyard2: Daemon initialized, signaled parent pid: 20379
Aug 20 08:56:46 ids1 barnyard2: PID path stat checked out ok, PID path set to /var/run/
Aug 20 08:56:46 ids1 barnyard2: Writing PID "20382" to file "/var/run//barnyard2_eth0.pid"
Aug 20 08:56:47 ids1 barnyard2: database: inconsistent cid information for sid=11
Aug 20 08:56:47 ids1 barnyard2:           Recovering by rolling forward the cid=1
Aug 20 08:56:47 ids1 barnyard2: database: compiled support for (mysql)
Aug 20 08:56:47 ids1 barnyard2: database: configured to use mysql
Aug 20 08:56:47 ids1 barnyard2: database: schema version = 107
Aug 20 08:56:47 ids1 barnyard2: database:           host = localhost
Aug 20 08:56:47 ids1 barnyard2: database:           user = SnortLogUser
Aug 20 08:56:47 ids1 barnyard2: database:  database name = SnortLog
Aug 20 08:56:47 ids1 barnyard2: database:    sensor name = ids1:eth0
Aug 20 08:56:47 ids1 barnyard2: database:      sensor id = 11
Aug 20 08:56:47 ids1 barnyard2: database:     sensor cid = 2
Aug 20 08:56:47 ids1 barnyard2: database:  data encoding = hex
Aug 20 08:56:47 ids1 barnyard2: database:   detail level = full
Aug 20 08:56:47 ids1 barnyard2: database:     ignore_bpf = no
Aug 20 08:56:47 ids1 barnyard2: database: using the "log" facility
Aug 20 08:56:47 ids1 barnyard2:
Aug 20 08:56:47 ids1 barnyard2:         --== Initialization Complete ==--
Aug 20 08:56:47 ids1 barnyard2: Barnyard2 initialization completed successfully (pid=20382)
Aug 20 08:56:47 ids1 barnyard2: Using waldo file '/var/log/snort/barnyard2.waldo':#012    spool directory = /var/log/snort#012    spool filebase  = snort.unified2#012    time_stamp = 1345395953#012    record_idx      = 2
Aug 20 08:56:47 ids1 barnyard2: Opened spool file '/var/log/snort/snort.unified2.1345395953'


Which unified2 output mode did you configure in snort?

Did you install barnyard2 from source or from a package?

What is your barnyard2 configuration and barnyard2 command line?

Cheers,

-elz

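A spool-file sanity check, added here as an example (it is not part of this thread and not barnyard2's own code). Before looking at the database writer, a practitioner wants to know whether the unified2 file in the spool directory is itself intact, so this walks the record headers Snort writes (type and length, both big-endian 32-bit) and reports the first record that cannot be read completely; the record-type values and the 52-byte IDS event layout are taken from Snort's Unified2_common.h, and the sample bytes are constructed.

```python
import struct

# Record types from Snort's Unified2_common.h (the ones barnyard2 reads from a spool)
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
UNIFIED2_IDS_EVENT_IPV6 = 72
UNIFIED2_IDS_EVENT_VLAN = 104        # IPv4 event with VLAN/MPLS fields
UNIFIED2_IDS_EVENT_IPV6_VLAN = 105
UNIFIED2_EXTRA_DATA = 110
KNOWN_TYPES = {UNIFIED2_PACKET, UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_IPV6,
               UNIFIED2_IDS_EVENT_VLAN, UNIFIED2_IDS_EVENT_IPV6_VLAN, UNIFIED2_EXTRA_DATA}

RECORD_HDR = struct.Struct("!II")        # Serial_Unified2_Header: type, length (big-endian)
IDS_EVENT = struct.Struct("!11IHHBBBB")  # 52-byte Unified2IDSEvent body (type 7)


def walk_unified2(data):
    """Return (records, problem): records is a list of (offset, type, length) for
    each complete record; problem is None if the whole spool was consumed, else a
    message naming the first record that cannot be read fully."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < RECORD_HDR.size:
            return records, "truncated record header at offset %d" % off
        rtype, rlen = RECORD_HDR.unpack_from(data, off)
        if rtype not in KNOWN_TYPES:
            return records, "unknown record type %d at offset %d" % (rtype, off)
        remaining = len(data) - off - RECORD_HDR.size
        if rlen > remaining:
            return records, ("record of type %d at offset %d needs %d bytes but "
                             "only %d remain" % (rtype, off, rlen, remaining))
        records.append((off, rtype, rlen))
        off += RECORD_HDR.size + rlen
    return records, None


def parse_ids_event(body):
    """Decode the type-7 event fields that barnyard2 turns into event-table rows."""
    f = IDS_EVENT.unpack(body[:IDS_EVENT.size])
    return {"sensor_id": f[0], "event_id": f[1], "event_second": f[2],
            "sig_id": f[4], "gen_id": f[5], "sig_rev": f[6], "priority": f[8]}


def build_sample():
    """Constructed spool: one complete IDS event, then a packet record cut off mid-write."""
    event = IDS_EVENT.pack(11, 1, 1345395953, 0, 1000001, 1, 1, 0, 3,
                           0x0A000001, 0x0A000002, 1234, 80, 6, 0, 0, 0)
    good = RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(event)) + event
    cut = RECORD_HDR.pack(UNIFIED2_PACKET, 200) + b"\x00" * 40  # header claims 200 bytes
    return good + cut
```

Run it against the spool file named in the "Opened spool file" line (open it with mode "rb" and pass the bytes to walk_unified2) to see whether the reader stops at a short or unknown record.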

