[Snort-users] Help w/ barnyard2 issues

beenph beenph at ...11827...
Sat May 24 13:29:59 EDT 2014


Make sure you have removed all potential duplicates in your database,
especially if you have upgraded from by2 < 2-1.13 to 2-1.13.

Also you might want to try the current bug-fix-release, which can be found here.
https://github.com/binf/barnyard2/tree/bug-fix-release

It fixes a few issues from 2-1.13 rel.

Cheers,
-elz


On Tue, May 20, 2014 at 2:41 PM, Moore, Jim <jmoore at ...16816...> wrote:
> I have 2 issues w/ barnyard2 2.1.13 running on a Fedora 19 box.  The box
> has 3 sensor interfaces w/ 3 snort instances and 3 barnyard2 instances.
> Each of the barnyard2 instances is writing output to a fast alert file
> and a remote Postgresql database.  The first problem occurs during
> barnyard2 startup.  When the instance initializes the database
> connection it encounters a fatal error like so:
>
> ERROR database: Query [SELECT sig_id FROM signature WHERE (sig_sid  =
> '17688') AND (sig_gid  = '1') AND (sig_rev  = '9') AND (sig_class_id =
> '9') AND (sig_priority = '1') AND (sig_name = 'BROWSER-IE Microsoft
> Internet Explorer userdata behavior memory corruption attempt'); ]
> returned more than one result
>
> So far, the only fix I have been able to come up w/ is to hand-remove
> the existing row from the signature table and restart 1 barnyard2
> instance.  The 2nd instance encounters the same error, so I repeat the
> process for all 3 instances.
>
> The second problem involves creating ASCII log output.  I have found
> what appears to be some kind of error using BASE 1.4.5, in that the
> packet data logged w/ some alerts does not match the patterns defined in
> the alert signature.  To help isolate the source of the problem I wanted
> to create ASCII log output along w/ database logging so I could compare
> the two results.  But I have not been able to get ASCII log output at
> all.  What would I have to do to generate ASCII log output?  Run a
> separate barnyard2 instance just for ASCII logging?  Run a separate
> snort instance w/ ASCII log output?
>
> Jim Moore
>
> --
> James J. Moore, Network Administrator
> NexTier Bank
> 245 Pittsburgh Road
> Butler, PA  16001
> jmoore at ...16816...
> Phone: 724-214-6205
> Cell:  724-355-6718
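
Added example (not part of the original thread and not barnyard2's own code): one way to locate and merge the duplicate signature rows behind the "returned more than one result" error, grouping on the same columns as the failing SELECT. It runs against an in-memory SQLite stand-in with constructed rows; the reduced schema, the event.signature column as the reference to sig_id, and the choice to keep the lowest sig_id are assumptions to check against the real PostgreSQL database.

```python
import sqlite3

# Columns barnyard2 matches on in the failing SELECT quoted in the thread.
KEY = "sig_sid, sig_gid, sig_rev, sig_class_id, sig_priority, sig_name"

def find_duplicates(db):
    """Return [(keep_id, [dup_ids...]), ...] for each signature key stored more than once."""
    groups = []
    rows = db.execute(
        f"SELECT MIN(sig_id), GROUP_CONCAT(sig_id) FROM signature "
        f"GROUP BY {KEY} HAVING COUNT(*) > 1 ORDER BY MIN(sig_id)")
    for keep, ids in rows:
        dups = sorted(int(i) for i in ids.split(",") if int(i) != keep)
        groups.append((keep, dups))
    return groups

def merge_duplicates(db):
    """Repoint events to the lowest sig_id of each group, then delete the extra rows."""
    removed = 0
    with db:  # single transaction: commit on success, roll back on error
        for keep, dups in find_duplicates(db):
            for dup in dups:
                db.execute("UPDATE event SET signature = ? WHERE signature = ?", (keep, dup))
                db.execute("DELETE FROM signature WHERE sig_id = ?", (dup,))
                removed += 1
    return removed

def demo_db():
    """Constructed sample data: one signature stored three times, one stored once."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT, sig_class_id INT,
                                sig_priority INT, sig_rev INT, sig_sid INT, sig_gid INT);
        CREATE TABLE event (sid INT, cid INT, signature INT);
    """)
    name = "BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt"
    db.executemany("INSERT INTO signature VALUES (?,?,?,?,?,?,?)", [
        (1, name, 9, 1, 9, 17688, 1),
        (2, "constructed unrelated rule", 3, 2, 1, 1000001, 1),
        (5, name, 9, 1, 9, 17688, 1),
        (8, name, 9, 1, 9, 17688, 1)])
    db.executemany("INSERT INTO event VALUES (?,?,?)",
                   [(1, 1, 1), (2, 1, 5), (3, 1, 8), (1, 2, 2)])
    return db

if __name__ == "__main__":
    db = demo_db()
    print("duplicate groups:", find_duplicates(db))
    print("rows removed:", merge_duplicates(db))
```

On a live database, stop every barnyard2 instance writing to it and take a backup before merging, since a running instance can insert the same signature again mid-cleanup.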



