[Snort-users] Barnyard2 on OS X

firnsy firnsy at ...14568...
Sun May 10 07:45:54 EDT 2009


G’day James,

I can understand your frustration with Snort/Barnyard2 and mysql as it can
be a real beast at the best of times.

We will take this latest report and attempt to track down the problem
indicated. One little piece of information that I am unable to glean from
this is the actual barnyard version you were using, I'm guessing it was the
latest beta3.

- firnsy

From: James Lay [mailto:jlay at ...13475...] 
Sent: Saturday, 9 May 2009 11:24 PM
To: Snort
Subject: [Snort-users] Barnyard2 on OS X

Well..not sure what happened...everything was running well, but now I get:

Process:         barnyard2 [19515]
Path:            /usr/local/bin/barnyard2
Identifier:      barnyard2
Version:         ??? (???)
Code Type:       X86 (Native)
Parent Process:  bash [19369]

Date/Time:       2009-05-09 07:46:56.727 -0600
OS Version:      Mac OS X Server 10.5.6 (9G55)
Report Version:  6

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x000000000000000c
Crashed Thread:  0

Thread 0 Crashed:
0   barnyard2                         0x0001cae4 Database + 228
(_OSByteOrder.h:59)
1   barnyard2                         0x00012eba CallOutputPlugins + 90
(plugbase.c:557)
2   barnyard2                         0x000142cc spoolerProcessRecord + 460
(spooler.c:709)
3   barnyard2                         0x0001486a ProcessContinuous + 1162
(spooler.c:501)
4   barnyard2                         0x00003bee BarnyardMain + 2286
(barnyard2.c:560)
5   barnyard2                         0x00003ea8 main + 24 (barnyard2.c:236)
6   barnyard2                         0x00001c56 start + 54

Thread 0 crashed with X86 Thread State (32-bit):
  eax: 0x00807400  ebx: 0x0001ca0b  ecx: 0xfffffffa  edx: 0x00000000
  edi: 0x00101700  esi: 0x00000000  ebp: 0xbffff928  esp: 0xbffff7d0
   ss: 0x0000001f  efl: 0x00010206  eip: 0x0001cae4   cs: 0x00000017
   ds: 0x0000001f   es: 0x0000001f   fs: 0x00000000   gs: 0x00000037
  cr2: 0x0000000c

Binary Images:
    0x1000 -    0x26fff +barnyard2 ??? (???)
<7a21a85d7bc67512b33a2482af175f31> /usr/local/bin/barnyard2
   0x77000 -    0x9fff7 +libmysqlclient.15.dylib ??? (???)
/usr/local/mysql/lib/mysql/libmysqlclient.15.dylib
0x8fe00000 - 0x8fe2db43  dyld 97.1 (???) <100d362e03410f181a34e04e94189ae5>
/usr/lib/dyld
0x92e97000 - 0x92ea5ffd  libz.1.dylib ??? (???)
<5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib
0x952cf000 - 0x952d6fe9  libgcc_s.1.dylib ??? (???)
<f53c808e87d1184c0f9df63aef53ce0b> /usr/lib/libgcc_s.1.dylib
0x95352000 - 0x95356fff  libmathCommon.A.dylib ??? (???)
/usr/lib/system/libmathCommon.A.dylib
0x96533000 - 0x9669aff3  libSystem.B.dylib ??? (???)
<d68880dfb1f8becdbdac6928db1510fb> /usr/lib/libSystem.B.dylib
0xffff0000 - 0xffff1780  libSystem.B.dylib ??? (???)
/usr/lib/libSystem.B.dylib


I’ve all but given up on using snort with mysql...too much stuff to do when
all I really want to see (at least here at home) is the syslog and pcap
file.  FYIW I guess.

James 





More information about the Snort-users mailing list