[Snort-users] [Snort-Users] Barnyard2 not starting

Michael Lubinski michael.lubinski at ...11827...
Fri Jul 8 13:28:54 EDT 2011


Thanks, I will try this.
On Jul 8, 2011 12:26 PM, "beenph" <beenph at ...11827...> wrote:
> On Fri, Jul 8, 2011 at 1:11 PM, Michael Lubinski
> <michael.lubinski at ...11827...> wrote:
>> After barnyard2 randomly crashes I try to restart and I get this error;
>>
>>   --== Initialization Complete ==--
>> Jul  8 12:05:37 sensor barnyard2[6819]: Barnyard2 initialization completed successfully (pid=6819)
>> Jul  8 12:05:37 sensor barnyard2[6819]: Using waldo file '/var/log/snort/barnyard2.waldo':     spool directory = /snortlogs spool filebase  = snort.u2     time_stamp      = 1310131063     record_idx  = 103
>> Jul  8 12:05:37 sensor barnyard2[6819]: Opened spool file '/snortlogs/snort.u2.1310131063'
>> Jul  8 12:05:37 sensor barnyard2[6819]: FATAL ERROR: Unknown record type read: 110
>>
>> Snort stays running but randomly barnyard2 crashes.
>>
>
> Ok, it's not a crash. It's a symptom caused by Extra data record type.
>
> Now I see that you are running 2-1.8
>
> This is fixed in 2-1.9 that you can fetch at
> https://github.com/firnsy/barnyard2/tree/v2-1.9.
>
> Once you download it, you will need to read the README that will guide
> you through the build process.
> (mainly use autoreconf before ./configure (your option), make and then
> copy the barnyard2 binary where needed.)
>
>
> Now, 2-1.9 and upcoming 2-1.10 handle extra record but will ignore them.
>
> There is a chance that output module in 2-2.x series start to handle
> extra data but this is not a fixed feature yet,
> a lot of things have to fall in place before a concrete way to handle
> extra-data records are passed to output plugins for processing.
>
>
> I hope it will fix your issue.
>
> -elz
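
To check whether a spool file contains the extra-data records discussed in this thread, the sketch below walks the unified2 record headers (4-byte type, 4-byte length, both big-endian) and reports the first record type a reader would reject. It is an added example, not code from barnyard2 or from either poster; the `handled` set and the sample bytes are assumptions constructed for illustration.

```python
import io
import struct
from collections import Counter

# Unified2 record type numbers as defined in Snort's Unified2_common.h.
KNOWN_TYPES = {2: "packet", 7: "IDS event", 72: "IDS event (IPv6)",
               104: "IDS event v2", 105: "IDS event v2 (IPv6)", 110: "extra data"}
HEADER = struct.Struct(">II")  # record type, payload length (network byte order)

def walk_records(stream):
    """Yield (index, type, length) for each record in a unified2 stream."""
    index = 0
    while True:
        raw = stream.read(HEADER.size)
        if not raw:
            return  # clean end of file
        if len(raw) < HEADER.size:
            raise ValueError(f"truncated header at record {index}")
        rtype, length = HEADER.unpack(raw)
        if len(stream.read(length)) < length:
            raise ValueError(f"truncated body at record {index}")
        yield index, rtype, length
        index += 1

def summarize(stream, handled=frozenset({2, 7, 72, 104, 105})):
    """Count record types; return the first (index, type) not in `handled`.

    `handled` is an assumed set standing in for a reader that predates
    extra-data support; adjust it to match the version under test.
    """
    counts, first_unhandled = Counter(), None
    for index, rtype, _ in walk_records(stream):
        counts[rtype] += 1
        if first_unhandled is None and rtype not in handled:
            first_unhandled = (index, rtype)
    return counts, first_unhandled

def make_record(rtype, payload):
    return HEADER.pack(rtype, len(payload)) + payload

# Constructed sample spool: event, packet, extra data, event (filler payloads).
SAMPLE = b"".join([make_record(104, b"\0" * 60), make_record(2, b"\0" * 40),
                   make_record(110, b"\0" * 24), make_record(104, b"\0" * 60)])

if __name__ == "__main__":
    counts, bad = summarize(io.BytesIO(SAMPLE))
    for rtype, n in sorted(counts.items()):
        print(f"type {rtype:>3} ({KNOWN_TYPES.get(rtype, 'unknown')}): {n}")
    print("first record outside the handled set:", bad)
```

To run it against a real spool file, pass `open(path, "rb")` to `summarize` in place of the constructed sample.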