[Snort-users] Snort 2.9.3.1 / Barnyard2 2.1.9 Problem

Berndt, Achim aberndt at ...15761...
Mon Aug 20 02:59:59 EDT 2012


Hi,

I have installed the new version of snort and tried to log to mysql via barnyard2.
Unfortunately, barnyard2 crashed every time it read the merged unified2 logfile?!
The following message appears in the messages logfile:

Aug 20 08:56:46 ids1 barnyard2: Log directory = /var/log/barnyard2
Aug 20 08:56:46 ids1 barnyard2: Initializing daemon mode
Aug 20 08:56:46 ids1 barnyard2: Daemon parent exiting
Aug 20 08:56:46 ids1 barnyard2: Daemon initialized, signaled parent pid: 20379
Aug 20 08:56:46 ids1 barnyard2: PID path stat checked out ok, PID path set to /var/run/
Aug 20 08:56:46 ids1 barnyard2: Writing PID "20382" to file "/var/run//barnyard2_eth0.pid"
Aug 20 08:56:47 ids1 barnyard2: database: inconsistent cid information for sid=11
Aug 20 08:56:47 ids1 barnyard2:           Recovering by rolling forward the cid=1
Aug 20 08:56:47 ids1 barnyard2: database: compiled support for (mysql)
Aug 20 08:56:47 ids1 barnyard2: database: configured to use mysql
Aug 20 08:56:47 ids1 barnyard2: database: schema version = 107
Aug 20 08:56:47 ids1 barnyard2: database:           host = localhost
Aug 20 08:56:47 ids1 barnyard2: database:           user = SnortLogUser
Aug 20 08:56:47 ids1 barnyard2: database:  database name = SnortLog
Aug 20 08:56:47 ids1 barnyard2: database:    sensor name = ids1:eth0
Aug 20 08:56:47 ids1 barnyard2: database:      sensor id = 11
Aug 20 08:56:47 ids1 barnyard2: database:     sensor cid = 2
Aug 20 08:56:47 ids1 barnyard2: database:  data encoding = hex
Aug 20 08:56:47 ids1 barnyard2: database:   detail level = full
Aug 20 08:56:47 ids1 barnyard2: database:     ignore_bpf = no
Aug 20 08:56:47 ids1 barnyard2: database: using the "log" facility
Aug 20 08:56:47 ids1 barnyard2:
Aug 20 08:56:47 ids1 barnyard2:         --== Initialization Complete ==--
Aug 20 08:56:47 ids1 barnyard2: Barnyard2 initialization completed successfully (pid=20382)
Aug 20 08:56:47 ids1 barnyard2: Using waldo file '/var/log/snort/barnyard2.waldo':#012    spool directory = /var/log/snort#012    spool filebase  = snort.unified2#012    time_stamp      = 1345395953#012    record_idx      = 2
Aug 20 08:56:47 ids1 barnyard2: Opened spool file '/var/log/snort/snort.unified2.1345395953'
Aug 20 08:56:47 ids1 kernel: [238651.810367] barnyard2[20382] general protection ip:413727 sp:7fffc55d6660 error:0 in barnyard2[400000+32000]

Any ideas?

Regards
Achim
-------------------------
Achim Berndt
System & Network Administration
IT-Services

Studio Hamburg GmbH
Jenfelder Allee 80 | Haus PM
22039 Hamburg
Phone: +49 (40) 6688-3177
Fax: +49 (40) 6688-5577

aberndt at ...15761...
www.studio-hamburg.de

........................................................

Chairman of the Supervisory Board
Lutz Marmor

Management
Prof. Carl Bergengruen (Chairman)
Dr. Robin Houcken

Hamburg District Court
66 HRB 9032
-------------------------
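
An added triage example (not part of the original post and not barnyard2 code): it parses the two log lines above that locate the crash, the waldo state and the kernel `general protection` line, to recover the spool file and record index being read and the faulting address relative to the barnyard2 mapping. The function names are hypothetical, and the regular expression assumes the kernel message layout seen in the post.

```python
import re

# Log lines copied from the post above (syslog escapes newlines as #012).
WALDO_LINE = ("Aug 20 08:56:47 ids1 barnyard2: Using waldo file "
              "'/var/log/snort/barnyard2.waldo':#012    spool directory = /var/log/snort"
              "#012    spool filebase  = snort.unified2#012    time_stamp      = 1345395953"
              "#012    record_idx      = 2")
FAULT_LINE = ("Aug 20 08:56:47 ids1 kernel: [238651.810367] barnyard2[20382] general "
              "protection ip:413727 sp:7fffc55d6660 error:0 in barnyard2[400000+32000]")

# Assumed layout: comm[pid] <kind> ip:<hex> sp:<hex> error:<hex> in obj[base+size]
FAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\] (?P<kind>general protection|segfault at [0-9a-f]+)"
    r" ip:(?P<ip>[0-9a-f]+) sp:(?P<sp>[0-9a-f]+) error:(?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

def parse_waldo(line):
    """Return the waldo state barnyard2 printed at startup as a dict."""
    body = line.split("Using waldo file", 1)[1]
    fields = {}
    for part in body.split("#012")[1:]:      # first part is the waldo path
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    # Spool files are named <filebase>.<time_stamp> inside the spool directory.
    fields["spool_file"] = "{}/{}.{}".format(
        fields["spool directory"], fields["spool filebase"], fields["time_stamp"])
    fields["record_idx"] = int(fields["record_idx"])
    return fields

def parse_fault(line):
    """Return the faulting instruction pointer and its offset in the mapping."""
    m = FAULT_RE.search(line)
    if m is None:
        raise ValueError("not a kernel user-fault line")
    out = {"comm": m["comm"], "pid": int(m["pid"]), "ip": int(m["ip"], 16)}
    if m["base"] is not None:                # the "in obj[base+size]" part is optional
        base, size = int(m["base"], 16), int(m["size"], 16)
        if not base <= out["ip"] < base + size:
            raise ValueError("ip outside the reported mapping")
        out.update(obj=m["obj"], base=base, offset=out["ip"] - base)
    return out

if __name__ == "__main__":
    waldo, fault = parse_waldo(WALDO_LINE), parse_fault(FAULT_LINE)
    print("reading %s at record %d" % (waldo["spool_file"], waldo["record_idx"]))
    print("fault in %s at ip=%#x (offset %#x)" % (fault["obj"], fault["ip"], fault["offset"]))
```

With a binary that has debug symbols, the address can be resolved to a function with `addr2line -e <path to barnyard2>`: the absolute ip for a non-PIE executable, the offset for a position-independent one.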
