[Snort-users] Barnyard dumps core when using acid_log (but not acid_alert)

M. Toren mtoren at ...125...
Wed May 22 12:06:20 EDT 2002


I am running the newest Barnyard from CVS on Solaris 2.7.  I can use the 
acid_alert output fine (it even shows up in ACID), but when I try to run on 
the log file (to get the packet contents), it always dumps core.  Any ideas?

  --== Initialization Complete ==--

Looking for magic: dead1080
magic ?= dead4137
magic ?= dead1080
Opened Unified Log File "/var/log/snort/snort.log.1022014701", header:
Magic          = 0xDEAD1080
Version.major  = 1
Version.minor  = 2
timezone       = -25200
sigfigs        = 0
snaplen        = 1514
linktype       = 1
====================================================================
AcidDbOpStart
cid == 87
OpAcidDB configuration details
Database Flavour: mysql
Detail Level: Fast
Database Server: removed
Database User: root
SensorID: 1
AcidDbOpStart Complete
Log->sig_generator  = 1
Log->sig_id         = 1002
Log->sig_rev        = 2
Log->classification = 1
Log->priority       = 1
Log->reference      = 1
Log->flags          = 0x80000084
Log->sec            = 1022014735
Log->usec           = 285178
Log->pktlen         = 0xBA
Log->caplen         = 0xBA
------------------------------------------------------
Bus Error (core dumped)
bash-2.03#

Thanks!
mtoren at ...125...


_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com





More information about the Snort-users mailing list