Snort mailing list archives

Barnyard2 issue: can't extract timestamp extension from 'snort.u2.1484091351' using base 'snort.u2.1484091351'


From: changliu <cchliu () ucdavis edu>
Date: Tue, 10 Jan 2017 15:46:46 -0800

Hi, all,

I am trying to use barnyard2 for snort output analysis. I am using Barnyard2 2-1.14 and Snort version 2.9.9.0.

I followed the instruction here:
https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/090/original/Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1483945110&Signature=Toh9NrUOWchhQFJUtYvsgeZG%2BqU%3D

In the snort.conf, I specified:
output unified2: filename snort.u2, limit 128

And after running snort, snort.u2.xxxxxxxxxx is generated in the
/var/log/snort.

However, when I run Barnyard2 to process the events in snort.u2.xxxxxxxxxx, it keeps printing this warning:

WARNING: Can't extract timestamp extension from 'snort.u2.1484091351'using base 'snort.u2.1484091351'

Can somebody shed light on this problem?

Thanks
Chang
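The warning quoted in the post names the same string as the file and as the base. The Python below is an added illustration written for this page, not barnyard2's own code: it models the split a unified2 spool reader has to perform on the `snort.u2.<epoch>` names that `output unified2: filename snort.u2` produces, and shows why that split yields nothing when the base already carries the epoch (barnyard2 takes the base name via its `-f` option and the spool directory via `-d`). The directory listing is constructed sample data and the function names are my own.

```python
"""Model of how a unified2 spool reader splits '<base>.<timestamp>' names.

Added illustration, not barnyard2's code.  Snort's
'output unified2: filename snort.u2, limit 128' writes files named
snort.u2.<unix epoch>.  A reader given the base 'snort.u2' can peel the
epoch off each name; a reader handed the full file name as its base has
nothing left to parse, and other spool files no longer match at all.
"""
from typing import List, Optional, Tuple

# Constructed listing of a spool directory such as /var/log/snort (sample data).
SAMPLE_DIR = [
    "snort.u2.1484091351",
    "snort.u2.1484095000",
    "barnyard2.waldo",     # bookmark file, unrelated to the spool base
]


def extract_timestamp_extension(filename: str, base: str) -> Optional[int]:
    """Return the integer epoch suffix when filename is exactly
    '<base>.<digits>', otherwise None (the case the warning reports)."""
    if not filename.startswith(base):
        return None
    rest = filename[len(base):]
    # Require a literal '.' separator so base 'snort.u2' does not match 'snort.u2x.1'.
    if len(rest) < 2 or rest[0] != ".":
        return None
    ext = rest[1:]
    if not ext.isdigit():
        return None
    return int(ext)


def find_spool_files(names: List[str], base: str) -> Tuple[List[str], List[str]]:
    """Split a directory listing into spool files ordered oldest first by
    epoch, plus the warning text for each name that starts with the base
    but carries no usable timestamp extension."""
    spool = []
    warnings = []
    for name in names:
        if not name.startswith(base):
            continue  # unrelated file: silently ignored
        ts = extract_timestamp_extension(name, base)
        if ts is None:
            warnings.append(
                f"WARNING: Can't extract timestamp extension from '{name}' "
                f"using base '{base}'"
            )
            continue
        spool.append((ts, name))
    spool.sort()
    return [name for _, name in spool], warnings


if __name__ == "__main__":
    # Correct base: both spool files are found and ordered by epoch.
    print(find_spool_files(SAMPLE_DIR, "snort.u2"))
    # Full file name used as base: the warning from the post, and the
    # second spool file is never considered because it does not start
    # with that base.
    print(find_spool_files(SAMPLE_DIR, "snort.u2.1484091351"))
```

The second call reproduces the post's symptom exactly: the only name that starts with the mis-specified base is that file itself, its remainder after the base is empty, so no epoch can be extracted, and every later `snort.u2.<epoch>` file is skipped without any message.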
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net