[Snort-users] Snort 2.9.3.1 / Barnyard2 2.1.9 Problem

Berndt, Achim aberndt at ...15761...
Fri Aug 24 15:04:12 EDT 2012


Hi elz,

Thanks for your reply.


Which unified2 output mode did you configure in snort?

-> output unified2: filename snort.unified2, limit 128

Did you install barnyard2 from source or from a package?

-> from source (barnyard2-1.9.tar.gz)

What is your barnyard2 configuration and barnyard2 command line?

-> barnyard2 -u snort -g snort -d /var/log/snort -f snort.unified2 -c /etc/snort/barnyard2.conf

Regards
Achim

-----Original Message-----
From: beenph [mailto:beenph at ...11827...]
Sent: Monday, 20 August 2012 13:22
To: Berndt, Achim
Cc: snort-users at lists.sourceforge.net; barnyard2-users at ...14071...
Subject: Re: [Snort-users] Snort 2.9.3.1 / Barnyard2 2.1.9 Problem

On Mon, Aug 20, 2012 at 2:59 AM, Berndt, Achim <aberndt at ...15761...> wrote:
> Hi,
>
>

Greetings Achim,

>
> I have installed the new version of snort and tried to log to mysql via barnyard2.
>
> Unfortunately barnyard2 crashes every time it reads the merged unified2 logfile?!
>
> The following message appears in the messages logfile:
>
> Aug 20 08:56:46 ids1 barnyard2: Log directory = /var/log/barnyard2
> Aug 20 08:56:46 ids1 barnyard2: Initializing daemon mode
> Aug 20 08:56:46 ids1 barnyard2: Daemon parent exiting
> Aug 20 08:56:46 ids1 barnyard2: Daemon initialized, signaled parent pid: 20379
> Aug 20 08:56:46 ids1 barnyard2: PID path stat checked out ok, PID path set to /var/run/
> Aug 20 08:56:46 ids1 barnyard2: Writing PID "20382" to file "/var/run//barnyard2_eth0.pid"
> Aug 20 08:56:47 ids1 barnyard2: database: inconsistent cid information for sid=11
> Aug 20 08:56:47 ids1 barnyard2:           Recovering by rolling forward the cid=1
> Aug 20 08:56:47 ids1 barnyard2: database: compiled support for (mysql)
> Aug 20 08:56:47 ids1 barnyard2: database: configured to use mysql
> Aug 20 08:56:47 ids1 barnyard2: database: schema version = 107
> Aug 20 08:56:47 ids1 barnyard2: database:           host = localhost
> Aug 20 08:56:47 ids1 barnyard2: database:           user = SnortLogUser
> Aug 20 08:56:47 ids1 barnyard2: database:  database name = SnortLog
> Aug 20 08:56:47 ids1 barnyard2: database:    sensor name = ids1:eth0
> Aug 20 08:56:47 ids1 barnyard2: database:      sensor id = 11
> Aug 20 08:56:47 ids1 barnyard2: database:     sensor cid = 2
> Aug 20 08:56:47 ids1 barnyard2: database:  data encoding = hex
> Aug 20 08:56:47 ids1 barnyard2: database:   detail level = full
> Aug 20 08:56:47 ids1 barnyard2: database:     ignore_bpf = no
> Aug 20 08:56:47 ids1 barnyard2: database: using the "log" facility
> Aug 20 08:56:47 ids1 barnyard2:
> Aug 20 08:56:47 ids1 barnyard2:         --== Initialization Complete ==--
> Aug 20 08:56:47 ids1 barnyard2: Barnyard2 initialization completed successfully (pid=20382)
> Aug 20 08:56:47 ids1 barnyard2: Using waldo file '/var/log/snort/barnyard2.waldo':#012    spool directory = /var/log/snort#012    spool filebase  = snort.unified2#012    time_stamp = 1345395953#012    record_idx      = 2
> Aug 20 08:56:47 ids1 barnyard2: Opened spool file '/var/log/snort/snort.unified2.1345395953'
>

Which unified2 output mode did you configure in snort?

Did you install barnyard2 from source or from a package?

What is your barnyard2 configuration and barnyard2 command line?

Cheers,

-elz

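The thread stops at the point where barnyard2 has opened the spool file `snort.unified2.1345395953` and resumed at the waldo's `record_idx = 2`, and crashes while reading it. A sanity check a defender can run on such a spool file before feeding it to barnyard2 is to walk the unified2 records independently and confirm that every record header and body is complete. The following is an added example, not code from the thread, from Snort or from barnyard2. It assumes the unified2 on-disk layout (each record is a 4-byte type and a 4-byte length in network byte order followed by the body, and the legacy IPv4 event body is 52 bytes) and the record type numbers from Snort's `unified2.h`; the sample spool bytes are constructed here, including a final record whose header promises more bytes than the file holds, which is what a truncated or badly merged file looks like.

```python
import struct
from typing import Dict, Iterator, List, Optional, Tuple

# Record type numbers as defined in Snort's unified2.h (assumption: values
# as used by Snort 2.9.x).  Only the header layout is needed to walk a file.
RECORD_TYPES = {
    2: "PACKET",
    7: "IDS_EVENT",
    72: "IDS_EVENT_IPV6",
    104: "IDS_EVENT_VLAN",
    105: "IDS_EVENT_IPV6_VLAN",
    110: "EXTRA_DATA",
}
HEADER = struct.Struct("!II")  # type, length (network byte order)
# Legacy IPv4 event body (Unified2IDSEvent_legacy):
# 11 x uint32, 2 x uint16, 4 x uint8 = 52 bytes.
EVENT_V4 = struct.Struct("!IIIIIIIIIIIHHBBBB")


def iter_records(data: bytes) -> Iterator[Tuple[int, int, bytes]]:
    """Yield (record_idx, record_type, payload) for every complete record.

    record_idx counts from 0, the way the waldo file's record_idx counts the
    records already consumed from a spool file.  A header or body that runs
    past the end of the data raises ValueError rather than being skipped, so
    a truncated or corrupt merged file is reported instead of mis-parsed.
    """
    offset, idx = 0, 0
    while offset < len(data):
        if len(data) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset} (record {idx})")
        rtype, rlen = HEADER.unpack_from(data, offset)
        offset += HEADER.size
        if len(data) - offset < rlen:
            raise ValueError(f"record {idx} (type {rtype}) claims {rlen} bytes, "
                             f"only {len(data) - offset} remain at offset {offset}")
        yield idx, rtype, data[offset:offset + rlen]
        offset += rlen
        idx += 1


def parse_event_v4(payload: bytes) -> Dict[str, int]:
    """Decode the fields a database-backed reader keys on from a legacy IPv4 event."""
    f = EVENT_V4.unpack(payload[:EVENT_V4.size])
    return {"sensor_id": f[0], "event_id": f[1], "event_second": f[2],
            "signature_id": f[4], "generator_id": f[5]}


def check_spool(data: bytes, start_idx: int = 0) -> Dict[str, object]:
    """Walk a spool file from record start_idx (the waldo's record_idx).

    Returns a summary: records read, their types, decoded IPv4 events and the
    first structural error found (None if the file is clean).
    """
    records, types, events = 0, [], []  # type: int, List[str], List[Dict[str, int]]
    error: Optional[str] = None
    try:
        for idx, rtype, payload in iter_records(data):
            if idx < start_idx:
                continue
            records += 1
            types.append(RECORD_TYPES.get(rtype, f"UNKNOWN({rtype})"))
            if rtype == 7 and len(payload) >= EVENT_V4.size:
                events.append(parse_event_v4(payload))
    except ValueError as exc:
        error = str(exc)
    return {"records": records, "types": types, "events": events, "error": error}


# --- constructed sample data (not a real spool file) -----------------------
def build_record(rtype: int, payload: bytes) -> bytes:
    return HEADER.pack(rtype, len(payload)) + payload


def build_event_v4(sensor_id: int, event_id: int, sig_id: int, gen_id: int = 1) -> bytes:
    # Remaining fields are zero; they are not needed for this check.
    return EVENT_V4.pack(sensor_id, event_id, 1345395953, 0, sig_id, gen_id,
                         0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)


# One event, one dummy packet record (only the length matters to the walker),
# then a record whose header promises 52 bytes but only 20 follow.
GOOD_SPOOL = (build_record(7, build_event_v4(11, 1, 1000001))
              + build_record(2, b"\x00" * 16))
TRUNCATED_SPOOL = GOOD_SPOOL + HEADER.pack(7, 52) + b"\x00" * 20

if __name__ == "__main__":
    print("clean file:    ", check_spool(GOOD_SPOOL))
    print("truncated file:", check_spool(TRUNCATED_SPOOL))
    print("resume at 2:   ", check_spool(TRUNCATED_SPOOL, start_idx=2))
```

Run against a real file with `check_spool(open(path, "rb").read(), start_idx=<waldo record_idx>)`; the `error` field tells you whether the record barnyard2 would read next is complete, and the decoded `sensor_id` can be compared with the `sensor id = 11` the database output plugin reports at startup.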