[Snort-users] snort 220.127.116.11 & barnyard2-1.8 problems
eoin.miller at ...14586...
Wed Jun 9 15:51:07 EDT 2010
On 6/9/2010 4:54 PM, JJC wrote:
> What command are you using in your snort.conf to create the unified2
> file output?
> On Wed, Jun 9, 2010 at 9:03 AM, Lawrence R. Hughes, Sr.
> <lhughes at ...14822...> wrote:
> Snort 18.104.22.168 reports to the mysql database without any problems,
> when we change snort to unified2 output,
> barnyard2-1.8 connects to the same database, but does not report
> We get the messages from barnyard: Not IPv4 datagram! ([ver:
> 0x6][len: 0x0])
> and it discards 100.00% ????
> Has anyone seen this problem?
Yeah, it's gotta be the type of output from Snort you are specifying. We
run Snort 22.214.171.124 and Barnyard2 1.8 without any problems. I think I ran
into something similar previously when I was specifying multiple output
types logging to the same directory and then pointed barnyard at it to
spool from that location. You should just have this type of output
configuration in your snort.conf:

    output unified2: filename filename-unified2.log, limit 1

If you need to specify more types of output, you should put them into
separate directories. Do you have the default output in the snort.conf
and then just added the unified2 statement as well? I think I did that
and had the same error once.