[Snort-users] problems with using barnyard 2-1.2

Paul Schmehl pschmehl_lists at ...14358...
Mon Mar 29 23:21:35 EDT 2010

--On March 30, 2010 12:59:13 PM +1300 Russell Fulton 
<r.fulton at ...3809...> wrote:

> I've finally got around to tweaking the schema in the snort database and
> am now moving to using barnyard 2-1.2  but I am getting these errors in
> the syslog:
> barnyard: WARNING: No function defined to read header.
> and no checkpoint file created ?
> Looks like it does not know what data basetype to use.
> configured with --with-mysql and mysql given in conf file...

Russell, what OS?

Your conf file should look something like this:

$ less /usr/local/etc/barnyard2.conf
#  Barnyard2 configuration file
#  http://www.securixlive.com/barnyard
#  Contact: dev at ...14568...

# set the appropriate paths to the file(s) your Snort process is using
config reference-map:   /usr/local/etc/snort/reference.config
config class-map:       /usr/local/etc/snort/classification.config
config gen-msg-map:     /usr/local/etc/snort/gen-msg.map
config sid-msg-map:     /usr/local/etc/snort/sid-msg.map

config hostname:        hostname
config interface:       eth0

# Step 2: setup the input plugins
input unified2

output database: log, mysql, user=user password=password dbname=snort 

Paul Schmehl

More information about the Snort-users mailing list