[Snort-users] Barnyard2 error

Abid Ayoub abid.ayoub at ...11827...
Wed Jul 24 11:09:23 EDT 2013


Hi

Thanks for the answer.

but the probel that i get no result after i run snort.
i got this :



database: Closing connection to database "snort"
===============================================================================
Record Totals:
   Records:           0
   Events:           0 (0.000%)
   Packets:           0 (0.000%)
   Unknown:           0 (0.000%)
   Suppressed:           0 (0.000%)
===============================================================================
Packet breakdown by protocol (includes rebuilt packets):
      ETH: 0          (0.000%)
  ETHdisc: 0          (0.000%)
     VLAN: 0          (0.000%)
     IPV6: 0          (0.000%)
  IP6 EXT: 0          (0.000%)
  IP6opts: 0          (0.000%)
  IP6disc: 0          (0.000%)
      IP4: 0          (0.000%)
  IP4disc: 0          (0.000%)
    TCP 6: 0          (0.000%)
    UDP 6: 0          (0.000%)
    ICMP6: 0          (0.000%)
  ICMP-IP: 0          (0.000%)
      TCP: 0          (0.000%)
      UDP: 0          (0.000%)
     ICMP: 0          (0.000%)
  TCPdisc: 0          (0.000%)
  UDPdisc: 0          (0.000%)
  ICMPdis: 0          (0.000%)
     FRAG: 0          (0.000%)
   FRAG 6: 0          (0.000%)
      ARP: 0          (0.000%)
    EAPOL: 0          (0.000%)
  ETHLOOP: 0          (0.000%)
      IPX: 0          (0.000%)
    OTHER: 0          (0.000%)
  DISCARD: 0          (0.000%)
InvChkSum: 0          (0.000%)
   S5 G 1: 0          (0.000%)
   S5 G 2: 0          (0.000%)
    Total: 0
===============================================================================


So , is this normal ? where probably is the problem ?

Thanks
Abid


2013/7/24 beenph <beenph at ...11827...>

> On Wed, Jul 24, 2013 at 10:47 AM, Abid Ayoub <abid.ayoub at ...11827...> wrote:
> >
> > Hi,
> > i did´t understand what what do you mean exactly
> > but , if you mean that i am runnung snort or barnyard2 on background ,
> the answer is no.
> > Abid
> >
> >
> > 2013/7/24 Abid Ayoub <abid.ayoub at ...11827...>
> >>
> >> Hi,
> >>
> >> i did´t understand what what do you mean exactly
> >> but , if you mean that i am runnung snort or barnyard2 on background ,
> the answer is no.
> >>
> >> Abid
> >>
> >>
>
> Hi Abid,
> In the first message that you posted with the barnyard2 output, it
> does not seem like it refuse to run,
> you had two warning message.
>
> Message 1:
> [SignatureReferencePullDataStore()]: No Reference found in database ...
>
> Which mean that was no reference found in the sig_reference table
>
> Message 2:
> WARNING: Ignoring corrupt/truncated waldofile
> '/var/log/snort/barnyard2.waldo'
>
> Which mean it either didin't found the waldo file or that the waldo
> file had been incomplete,
> thus until it processes any events and write a good waldo file if you
> stop and start barnyard2
> you will get that message.
>
> -elz
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130724/4863b6c0/attachment.html>


More information about the Snort-users mailing list