[Snort-users] Snort 2.9.3.1 / Barnyard2 2.1.9 Problem

beenph beenph at ...11827...
Mon Aug 20 07:21:36 EDT 2012


On Mon, Aug 20, 2012 at 2:59 AM, Berndt, Achim
<aberndt at ...15761...> wrote:
> Hi,
>
>

Greetings Achim,

>
> I have installed the new version of snort and tried to log to mysql via
> barnyard2.
>
> Unfortunately barnyard2 crashed every time, if it read the merged unified2
> logfile?!
>
> Following message appears in the messages logfile:
>
>
>
> Aug 20 08:56:46 ids1 barnyard2: Log directory = /var/log/barnyard2
>
> Aug 20 08:56:46 ids1 barnyard2: Initializing daemon mode
>
> Aug 20 08:56:46 ids1 barnyard2: Daemon parent exiting
>
> Aug 20 08:56:46 ids1 barnyard2: Daemon initialized, signaled parent pid:
> 20379
>
> Aug 20 08:56:46 ids1 barnyard2: PID path stat checked out ok, PID path set
> to /var/run/
>
> Aug 20 08:56:46 ids1 barnyard2: Writing PID "20382" to file
> "/var/run//barnyard2_eth0.pid"
>
> Aug 20 08:56:47 ids1 barnyard2: database: inconsistent cid information for
> sid=11
>
> Aug 20 08:56:47 ids1 barnyard2:           Recovering by rolling forward the
> cid=1
>
> Aug 20 08:56:47 ids1 barnyard2: database: compiled support for (mysql)
>
> Aug 20 08:56:47 ids1 barnyard2: database: configured to use mysql
>
> Aug 20 08:56:47 ids1 barnyard2: database: schema version = 107
>
> Aug 20 08:56:47 ids1 barnyard2: database:           host = localhost
>
> Aug 20 08:56:47 ids1 barnyard2: database:           user = SnortLogUser
>
> Aug 20 08:56:47 ids1 barnyard2: database:  database name = SnortLog
>
> Aug 20 08:56:47 ids1 barnyard2: database:    sensor name = ids1:eth0
>
> Aug 20 08:56:47 ids1 barnyard2: database:      sensor id = 11
>
> Aug 20 08:56:47 ids1 barnyard2: database:     sensor cid = 2
>
> Aug 20 08:56:47 ids1 barnyard2: database:  data encoding = hex
>
> Aug 20 08:56:47 ids1 barnyard2: database:   detail level = full
>
> Aug 20 08:56:47 ids1 barnyard2: database:     ignore_bpf = no
>
> Aug 20 08:56:47 ids1 barnyard2: database: using the "log" facility
>
> Aug 20 08:56:47 ids1 barnyard2:
>
> Aug 20 08:56:47 ids1 barnyard2:         --== Initialization Complete ==--
>
> Aug 20 08:56:47 ids1 barnyard2: Barnyard2 initialization completed
> successfully (pid=20382)
>
> Aug 20 08:56:47 ids1 barnyard2: Using waldo file
> '/var/log/snort/barnyard2.waldo':#012    spool directory =
> /var/log/snort#012    spool filebase  = snort.unified2#012    time_stamp
> = 1345395953#012    record_idx      = 2
>
> Aug 20 08:56:47 ids1 barnyard2: Opened spool file
> '/var/log/snort/snort.unified2.1345395953'
>

Which unified2 output mode did you configure in snort?

Did you install barnyard2 from source or from a package?

What is your barnyard2 configuration and barnyard2 command line?

Cheers,

-elz
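The startup log Achim quotes carries everything needed to cross-check a barnyard2 deployment: the database sensor id and cid, the "inconsistent cid information" warning, and the waldo state (spool directory, filebase, time_stamp, record_idx) from which the spool file name barnyard2 opens is derived. The following is an added example, not code from the thread or from the barnyard2 project; it parses a constructed copy of those syslog lines, decodes the `#012` sequences that rsyslog substitutes for embedded newlines (octal 012 is LF), and reports the checks a troubleshooter would run first: does the waldo state point at the spool file that was actually opened, and did the database plugin complain about the cid for the configured sensor id.

```python
"""Parse barnyard2 startup messages captured via syslog and cross-check them.

Added example for the thread above; the log lines below are a constructed
subset of the ones quoted in the original mail.
"""
import re

SAMPLE_LOG = """\
Aug 20 08:56:46 ids1 barnyard2: Log directory = /var/log/barnyard2
Aug 20 08:56:47 ids1 barnyard2: database: inconsistent cid information for sid=11
Aug 20 08:56:47 ids1 barnyard2:           Recovering by rolling forward the cid=1
Aug 20 08:56:47 ids1 barnyard2: database: schema version = 107
Aug 20 08:56:47 ids1 barnyard2: database:    sensor name = ids1:eth0
Aug 20 08:56:47 ids1 barnyard2: database:      sensor id = 11
Aug 20 08:56:47 ids1 barnyard2: database:     sensor cid = 2
Aug 20 08:56:47 ids1 barnyard2: Using waldo file '/var/log/snort/barnyard2.waldo':#012    spool directory = /var/log/snort#012    spool filebase  = snort.unified2#012    time_stamp = 1345395953#012    record_idx      = 2
Aug 20 08:56:47 ids1 barnyard2: Opened spool file '/var/log/snort/snort.unified2.1345395953'
"""

# "Mon DD HH:MM:SS host barnyard2: <message>" as written by syslog
MSG_RE = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ barnyard2: (?P<msg>.*)$")
# "key = value" fields; keys may contain spaces ("sensor id", "spool directory")
KV_RE = re.compile(r"^(?P<key>[a-z_ ]+?)\s*=\s*(?P<val>\S+)$")


def _kv_key(raw):
    return raw.strip().replace(" ", "_")


def parse_barnyard2_log(text):
    """Return a dict of database settings, waldo state and cid warnings."""
    info = {"warnings": []}
    for line in text.splitlines():
        m = MSG_RE.match(line)
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg.startswith("database: inconsistent cid") or msg.startswith(
            "Recovering by rolling forward"
        ):
            info["warnings"].append(msg)
        elif msg.startswith("Using waldo file"):
            # rsyslog escapes the newlines barnyard2 prints here as "#012"
            head, _, body = msg.partition(":#012")
            info["waldo_file"] = head[len("Using waldo file "):].strip("'")
            for field in body.split("#012"):
                kv = KV_RE.match(field.strip())
                if kv:
                    info["waldo_" + _kv_key(kv.group("key"))] = kv.group("val")
        elif msg.startswith("Opened spool file"):
            info["opened_spool"] = msg[len("Opened spool file "):].strip("'")
        elif msg.startswith("database:"):
            kv = KV_RE.match(msg[len("database:"):].strip())
            if kv:
                info["db_" + _kv_key(kv.group("key"))] = kv.group("val")
    return info


def check_consistency(info):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    # barnyard2 names the spool file <spool directory>/<filebase>.<time_stamp>
    expected = "%s/%s.%s" % (
        info.get("waldo_spool_directory"),
        info.get("waldo_spool_filebase"),
        info.get("waldo_time_stamp"),
    )
    if info.get("opened_spool") != expected:
        findings.append(
            "spool mismatch: waldo implies %s, opened %s"
            % (expected, info.get("opened_spool"))
        )
    if info["warnings"]:
        findings.append(
            "database cid mismatch for sensor id %s (db cid %s): %s"
            % (info.get("db_sensor_id"), info.get("db_sensor_cid"),
               "; ".join(info["warnings"]))
        )
    return findings


if __name__ == "__main__":
    parsed = parse_barnyard2_log(SAMPLE_LOG)
    for finding in check_consistency(parsed) or ["no inconsistencies found"]:
        print(finding)
```

For the quoted log the spool file check passes (waldo state and opened file agree) and the only finding is the cid warning for sensor id 11, which is where a troubleshooter would start: the sensor row in the database and the cid barnyard2 expects have diverged, and the "rolling forward" recovery is the plugin's attempt to reconcile them.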
