[Snort-users] Barnyard seg faulting

Poppi, Sandro Sandro.Poppi at ...3316...
Wed Feb 20 05:03:03 EST 2002


I'm trying to set up barnyard 0.1.0-beta4 (latest I found on snort.org) and
snort-1.8.4beta1 build 91 on RedHat Linux 7.2, barnyard compiled with mysql
support.

Snort is set up with the following unified output processors:
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

The barnyard configuration looks like this:
processor dp_alert
processor dp_stream_stat
output alert_syslog: LOG_AUTH LOG_ALERT LOG_PID
output alert_acid_db: mysql, sensor_id 9, database snort, server ids01, user snort, password xxxxx, detail full
# output log_acid_db: mysql, sensor_id 9, database snort, server ids01, user snort, password xxxxxx, detail full

When running barnyard with

barnyard -c /etc/snort/barnyard.conf -d /var/log/snort -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -f snort.alert

I get

   --== Initializing Barnyard ==--

-*> Barnyard! <*-
Version 0.1.0-beta4 (Build 5)
By Martin Roesch (roesch at ...1935..., www.snort.org)
and Andrew R. Baker (andrewb at ...671...)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
Parsing Config file: /etc/snort/barnyard.conf
Args: mysql, sensor_id 9, database snort, server zbghids01, user snort,
password harry, detail full

   --== Initialization Complete ==--

AcidDbOpStart
cid == 4
AcidDbOpStart Complete
Rotating file [read 0 records from /var/log/snort/snort.alert.1014206446]
SQL: INSERT INTO event(sid, cid, signature, timestamp) VALUES('9', '5', '1',
'2002-02-20 12:01:24')
Rotating file [read 1 records from /var/log/snort/snort.alert.1014206482]
Segmentation fault

Any hint is greatly appreciated!

TIA,
Sandro



