[Snort-users] Barnyard2 issue: can't extract timestamp extension from 'snort.u2.1484091351'using base 'snort.u2.1484091351'

changliu cchliu at ...17727...
Tue Jan 10 18:46:46 EST 2017


Hi, all,

I am trying to use barnyard2 in snort output analysis. I am using Barnyard2
2-1.14 and Snort version 2.9.9.0.

I followed the instructions here:
https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/090/original/Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1483945110&Signature=Toh9NrUOWchhQFJUtYvsgeZG%2BqU%3D

In the snort.conf, I specified:
output unified2: filename snort.u2, limit 128

And after running snort, snort.u2.xxxxxxxxxx is generated in
/var/log/snort.

However, when I run Barnyard2 to process the events in
snort.u2.xxxxxxxxxx, it keeps printing out these error messages:
WARNING: Can't extract timestamp extension from 'snort.u2.1484091351'using
base 'snort.u2.1484091351'

Can somebody shed light on this problem?

Thanks
Chang