[Snort-users] [Snort-Users] Barnyard2 not starting
beenph at ...11827...
Fri Jul 8 13:26:54 EDT 2011
On Fri, Jul 8, 2011 at 1:11 PM, Michael Lubinski
<michael.lubinski at ...11827...> wrote:
> After barnyard2 randomly crashes I try to restart and I get this error;
> --== Initialization Complete ==--
> Jul 8 12:05:37 sensor barnyard2: Barnyard2 initialization completed
> successfully (pid=6819)
> Jul 8 12:05:37 sensor barnyard2: Using waldo file
> '/var/log/snort/barnyard2.waldo': spool directory = /snortlogs spool
> filebase = snort.u2 time_stamp = 1310131063 record_idx =
> Jul 8 12:05:37 sensor barnyard2: Opened spool file
> Jul 8 12:05:37 sensor barnyard2: FATAL ERROR: Unknown record type
> read: 110
> Snort stays running but randomly barnyard2 crashes.
OK, it's not a crash. It's a symptom caused by the Extra data record type.
Now I see that you are running 2-1.8.
This is fixed in 2-1.9 that you can fetch at
Once you download it, you will need to read the README that will guide
you through the build process
(mainly use autoreconf before ./configure (your option), make and then
copy the barnyard2 binary where needed).
Now, 2-1.9 and the upcoming 2-1.10 handle extra records but will ignore them.
There is a chance that output modules in the 2-2.x series start to handle
extra data but this is not a fixed feature yet;
a lot of things have to fall in place before a concrete way to handle
extra-data records are passed to output plugins for processing.
I hope it will fix your issue.
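An added example, not part of the original thread and not barnyard2 code: a small unified2 spool walker that counts records by type, which shows whether a spool file contains the type 110 extra-data records behind the FATAL ERROR above. It assumes the unified2 framing of an 8-byte big-endian header (type, length) per record and the type numbers from Snort's Unified2_common.h; the sample bytes and payload sizes are constructed.

```python
import io
import struct
from collections import Counter

# Record type values from Snort's unified2 header (assumed, not from the post);
# 110 is the extra-data record named in the FATAL ERROR above.
KNOWN_TYPES = {
    2: "PACKET",
    7: "IDS_EVENT",
    72: "IDS_EVENT_IPV6",
    104: "IDS_EVENT_VLAN",
    105: "IDS_EVENT_IPV6_VLAN",
    110: "EXTRA_DATA",
}
HEADER = struct.Struct(">II")  # record type, payload length (network byte order)


def walk_records(stream):
    """Yield (offset, type, length) per record, skipping each payload by its length."""
    offset = 0
    while True:
        raw = stream.read(HEADER.size)
        if not raw:
            return
        if len(raw) < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        rtype, length = HEADER.unpack(raw)
        payload = stream.read(length)
        if len(payload) < length:
            raise ValueError(f"truncated record type {rtype} at offset {offset}")
        yield offset, rtype, length
        offset += HEADER.size + length


def summarize(stream):
    """Count records per type name; unlisted types are reported as UNKNOWN(n)."""
    counts = Counter()
    for _, rtype, _ in walk_records(stream):
        counts[KNOWN_TYPES.get(rtype, f"UNKNOWN({rtype})")] += 1
    return dict(counts)


def build_sample():
    """Constructed spool contents: an event, a packet, then an extra-data record."""
    records = [(7, b"\x00" * 52), (2, b"\x00" * 40), (110, b"\x00" * 24)]
    return b"".join(HEADER.pack(t, len(p)) + p for t, p in records)


if __name__ == "__main__":
    print(summarize(io.BytesIO(build_sample())))
```

To check a real spool, pass `open(path, "rb")` to `summarize`; a file that Snort is still writing can end in a partial record, which this walker reports as a `ValueError`.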