[Snort-users] Barnyard issues

Gary_Portnoy at ...11307... Gary_Portnoy at ...11307...
Wed May 12 13:47:15 EDT 2004

I downloaded and configured barnyard 0.2.0 and was hoping to use it to 
process my unified logs to a mysql server.  However, after i finally 
figured out the correct combination of config files parameters and command 
line switches to actually get it to run, I get the following error:

Barnyard Version 0.2.0 (Build 32)
Processing: /var/local/snort/unified.log.1084371001
OpAcidDB configured
  Database Flavour: mysql
  Detail Level: Full
  Database Server: database
  Database User: user
SensorID: 1
Next CID: 1
ERROR: Invalid packet length: 3632305
ERROR: Input file '//var/local/snort/unified.log.1084371001' is corrupted
Number of records:  0

And it does this with any unified.log file I attempt to feed it, just 
reports different packet lengths.

Here is the command line: barnyard -c ./barnyard.conf -s ./sid-msg.map -g 
./gen-msg.map -p ./classification.config -o -vvv 

Barnyard.conf has the following things:

config hostname: snortbox
config interface: qfe2
config filter: not port 22
output log_acid_db: mysql, sensor_id 1, database snort ,server database, 
user user, password password, detail full

Any ideas?

I am going to go try mudpit now.

Gary Portnoy

This message is for the named person's use only. This communication is for 
informational purposes only and has been obtained from sources believed to 
be reliable, but it is not necessarily complete and its accuracy cannot be 
guaranteed. It is not intended as an offer or solicitation for the purchase
or sale of any financial instrument or as an official confirmation of any
transaction. Moreover, this material should not be construed to contain any
recommendation regarding, or opinion concerning, any security. It may
contain confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please immediately delete it and all
copies of it from your system, destroy any hard copies of it and notify the
sender. You must not, directly or indirectly, use, disclose, distribute, 
print, or copy any part of this message if you are not the intended 
recipient.  Any views expressed in this message are those of the individual
sender, except where the message states otherwise and the sender is 
authorized to state them to be the views of any such entity.

ITG Inc. reserves the right to monitor and archive all electronic 
communications through its network. 

ITG Inc. Member NASD, SIPC

More information about the Snort-users mailing list