[Snort-users] Barnyard2 will not start

beenph beenph at ...11827...
Mon Feb 14 10:26:55 EST 2011


No problems Dwane.


On Mon, Feb 14, 2011 at 9:53 AM, Atkins, Dwane P <ATKINSD at ...9240...> wrote:
> That was my fault. Turns out I had the wrong directories defined in the barnyard2.conf.  Thank you for your help.
>
> Dwane
>
> -----Original Message-----
> From: beenph [mailto:beenph at ...11827...]
> Sent: Saturday, February 12, 2011 2:53 PM
> To: Atkins, Dwane P
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Barnyard2 will not start
>
> What happens when you try to run barnyard in console rather than to
> have it daemonized.
>
> Send the output.
>
> -elz
>
>
> On Fri, Feb 11, 2011 at 11:40 PM, Atkins, Dwane P <ATKINSD at ...9240...> wrote:
>> I have reloaded a sensor with Ubuntu 10.0.4.1 LTS, Snort 2.9.0.3, and
>> Barnyard2 1.9  with mysql.
>>
>>
>>
>> Snort seems to start just fine and the snort logs are growing but when I do
>> a ps -ef | grep snort, I do not see Barnyard2 starting.
>>
>>
>>
>> Our rc.local reads:
>>
>>
>>
>> ifconfig eth1 up
>>
>> # Start the snort process
>>
>> /usr/local/snort/bin/snort -D -u snort -g snort -c
>> /usr/local/snort/etc/snort.conf -i eth1
>>
>> # Start the Barnyard2 process
>>
>> /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G
>> /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/s
>>
>> id-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo
>> -D
>>
>> exit 0
>>
>>
>>
>> I looked in dmesg and see the following issue:
>>
>>
>>
>> 33.845428] __ratelimit: 45 callbacks suppressed
>>
>> [   33.845436] barnyard2[1426]: segfault at 1d ip 0071050b sp bfed4c6c error
>> 4 in libc-2.11.1.so[6d0000+153000]
>>
>>
>>
>> Any help would be appreciated
>>
>>
>>
>> Dwane
>>
>> ------------------------------------------------------------------------------
>> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
>> Pinpoint memory and threading errors before they happen.
>> Find and fix more than 250 security defects in the development cycle.
>> Locate bottlenecks in serial and parallel code that limit performance.
>> http://p.sf.net/sfu/intel-dev2devfeb
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>




More information about the Snort-users mailing list