Re: problem in using barnyard2 in batch mode

[beenph <beenph () gmail com>]

On Thu, Nov 8, 2012 at 8:25 AM, ARUN PUSHKAR <arunpushkar () gmail com> wrote:
> i am getting following error when i am running barnyard2 in batch mode
>
> WARNING database [Database()]: Called with Event[0x8e33780] Event Type [7]
> (P)acket [0x0], information has not been outputed.
>
> can some one help in finding possible reason
Greetings Arun,
what you are seeing is a WARNING (now renamed INFO) message.
This message is generated by the output plugin, and tell you that it
received a event without a packet.

Whats this mean literally is that in the unified2 file its possible
that there is some event record that are not
associated with packet record, and they are not logged.

I would like to note that you would receive those warning in
continuous mode and also in
batch mode, this does not make any differences.

If you see this message alot then you might want to look at your
snort configuration file and see which unified2 output mode you have configured.


output alert_unified2: xxxxxx
OR
output log_unified2: xxxxxx
OR
output unified2: xxxxxxxx

barnyard2 currently work better/optimaly in 2-1.x with output unified2.

-elz

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!