[Snort-users] Help w/ barnyard2 issues
beenph at ...11827...
Sat May 24 13:29:59 EDT 2014
Make sure you have removed all potential duplicates in your database,
especially if you have upgraded from by2 < 2-1.13 to 2-1.13.
Also you might want the current bug-fix release, which can be found here.
It fixes a few issues from 2-1.13 rel.
On Tue, May 20, 2014 at 2:41 PM, Moore, Jim <jmoore at ...16816...> wrote:
> I have 2 issues w/ barnyard2 2.1.13 running on a Fedora 19 box. The box
> has 3 sensor interfaces w/ 3 snort instances and 3 barnyard2 instances.
> Each of the barnyard2 instances is writing output to a fast alert file
> and a remote Postgresql database. The first problem occurs during
> barnyard2 startup. When the instance initializes the database
> connection it encounters a fatal error like so:
> ERROR database: Query [SELECT sig_id FROM signature WHERE (sig_sid =
> '17688') AND (sig_gid = '1') AND (sig_rev = '9') AND (sig_class_id =
> '9') AND (sig_priority = '1') AND (sig_name = 'BROWSER-IE Microsoft
> Internet Explorer userdata behavior memory corruption attempt'); ]
> returned more than one result
> So far, the only fix I have been able to come up w/ is to hand-remove
> the existing row from the signature table and restart 1 barnyard2
> instance. The 2nd instance encounters the same error, so I repeat the
> process for all 3 instances.
> The second problem involves creating ASCII log output. I have found
> what appears to be some kind of error using BASE 1.4.5, in that the
> packet data logged w/ some alerts does not match the patterns defined in
> the alert signature. To help isolate the source of the problem I wanted
> to create ASCII log output along w/ database logging so I could compare
> the two results. But I have not been able to get ASCII log output at
> all. What would I have to do to generate ASCII log output? Run a
> separate barnyard2 instance just for ASCII logging? Run a separate
> snort instance w/ ASCII log output?
> Jim Moore
> James J. Moore, Network Administrator
> NexTier Bank
> 245 Pittsburgh Road
> Butler, PA 16001
> jmoore at ...16816...
> Phone: 724-214-6205
> Cell: 724-355-6718
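Added example, not part of the original thread and not barnyard2 code: one way to find and merge the duplicate signature rows behind the "returned more than one result" error, using the six columns from the failing SELECT quoted above. It assumes the stock Snort schema names (`signature`, `event.signature`, `sig_reference.sig_id`) and runs against constructed rows in an in-memory SQLite database rather than the poster's PostgreSQL server; the function names are hypothetical.

```python
import sqlite3

# Columns barnyard2 matches on in the failing SELECT quoted in the thread.
KEY = "sig_sid, sig_gid, sig_rev, sig_class_id, sig_priority, sig_name"

def find_duplicates(conn):
    """Return {kept_sig_id: [duplicate sig_ids]} for every repeated key."""
    seen = {}
    for sig_id, *key in conn.execute(
            f"SELECT sig_id, {KEY} FROM signature ORDER BY sig_id"):
        seen.setdefault(tuple(key), []).append(sig_id)
    # The lowest sig_id of each group is kept; the rest are duplicates.
    return {ids[0]: ids[1:] for ids in seen.values() if len(ids) > 1}

def merge_duplicates(conn):
    """Repoint events to the kept row, then delete the duplicate rows."""
    groups = find_duplicates(conn)
    with conn:  # single transaction: commit on success, roll back on error
        for keeper, dupes in groups.items():
            for dup in dupes:
                conn.execute("UPDATE event SET signature = ? WHERE signature = ?",
                             (keeper, dup))
                # Choice made for this example: references attached to a
                # removed row are dropped; the kept row retains its own.
                conn.execute("DELETE FROM sig_reference WHERE sig_id = ?", (dup,))
                conn.execute("DELETE FROM signature WHERE sig_id = ?", (dup,))
    return groups

def demo_db():
    """Constructed sample data; only the columns this example touches."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
      CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT,
        sig_class_id INT, sig_priority INT, sig_rev INT, sig_sid INT, sig_gid INT);
      CREATE TABLE event (sid INT, cid INT, signature INT);
      CREATE TABLE sig_reference (sig_id INT, ref_seq INT, ref_id INT);
      INSERT INTO signature VALUES
        (1, 'constructed rule A', 9, 1, 9, 17688, 1),
        (2, 'constructed rule A', 9, 1, 9, 17688, 1),
        (3, 'constructed rule B', 3, 2, 1, 1000001, 1),
        (4, 'constructed rule A', 9, 1, 9, 17688, 1);
      INSERT INTO event VALUES (1, 1, 1), (2, 1, 2), (3, 1, 4), (1, 2, 3);
      INSERT INTO sig_reference VALUES (1, 1, 10), (2, 1, 10);
    """)
    return conn

if __name__ == "__main__":
    db = demo_db()
    print("merged:", merge_duplicates(db), "remaining:", find_duplicates(db))
```

Before running a merge like this against the live database, take a backup and stop all barnyard2 instances that write to it, so no new rows are inserted mid-cleanup.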