[Snort-users] Barnyard "Invalid packet length" error

Wolf, Brian Brian.Wolf at ...12180...
Wed Aug 4 13:30:36 EDT 2004

I'm trying to get barnyard working with snort, but it always fails with
an "Invalid packet length" error.  My setup is:

	RedHat Enterprise AS 3
	snort 2.1.2
	barnyard 0.2.0
	mysql 12.22 Distrib 4.0.18

Snort, barnyard, and mysql were all built from source and are running on
the same machine.  

Snort output config:

		output alert_unified: filename snort.binalert, limit 128
		output log_unified: filename snort.binlog, limit 128

Snort command line:

		/usr/local/snort/bin/snort -i eth0 -D -X -o -c
/usr/local/snort/snort.conf -l /usr/local/snort/log

Barnyard config:

		config hostname: localhost
		config interface: lo
		config filter: not port 22
		output log_acid_db: mysql, database snort, server
localhost, user snort, password <passwd>, detail full

Barnyard command line:

		/usr/local/snort/bin/barnyard -c
/usr/local/snort/barnyard.conf \
		                              -d /usr/local/snort/log \
/usr/local/snort/bin/waldo.chk \
		                              -f snort.binlog \
/usr/local/snort/rules/gen-msg.map \

Run results:

		Barnyard Version 0.2.0 (Build 32)
		Opened spool file
		ERROR: Invalid packet length: 299008
		Read error
		Fatal Error, Quitting..

The number listed as the invalid packet length changes from run to run.

Any suggestions?

- Brian

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040804/d92b52c7/attachment.html>

More information about the Snort-users mailing list