Snort mailing list archives
Re: Snort 2.9.3.1 / Barnyard2 2.1.9 Problem
From: "Berndt, Achim" <aberndt () studio-hamburg de>
Date: Sat, 25 Aug 2012 07:40:55 +0000
Hi,

I got the hint to try the new version 2.1.10 of Barnyard2, which we can download from https://github.com/binf/barnyard2/tree/pre-stable. Now it works! Thanks for your help.

Regards
Achim


Hi elz,

Thanks for your reply.

Which unified2 output mode did you configure in snort?
-> output unified2: filename snort.unified2, limit 128

Did you install barnyard2 from source or from a package?
-> from source (barnyard2-1.9.tar.gz)

What is your barnyard2 configuration and barnyard2 command line?
-> barnyard2 -u snort -g snort -d /var/log/snort -f snort.unified2 -c /etc/snort/barnyard2.conf
->
config reference_file: /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file: /etc/snort/gen-msg.map
config sid_file: /etc/snort/sid-msg.map
config logdir: /var/log/barnyard2
config hostname: ids1
config interface: eth0
config daemon
config waldo_file: /var/log/snort/barnyard2.waldo
input unified2
output database: log, mysql, user=SnortLogUser password=password dbname=SnortLog host=localhost

regards
Achim

-----Original Message-----
From: beenph [mailto:beenph () gmail com]
Sent: Monday, 20 August 2012 13:22
To: Berndt, Achim
Cc: snort-users () lists sourceforge net; barnyard2-users () googlegroups com
Subject: Re: [Snort-users] Snort 2.9.3.1 / Barnyard2 2.1.9 Problem

On Mon, Aug 20, 2012 at 2:59 AM, Berndt, Achim <aberndt () studio-hamburg de> wrote:
Hi,

Greetings Achim,

I have installed the new version of snort and tried to log to mysql via barnyard2. Unfortunately barnyard2 crashed every time it read the merged unified2 logfile?! The following messages appear in the messages logfile:

Aug 20 08:56:46 ids1 barnyard2: Log directory = /var/log/barnyard2
Aug 20 08:56:46 ids1 barnyard2: Initializing daemon mode
Aug 20 08:56:46 ids1 barnyard2: Daemon parent exiting
Aug 20 08:56:46 ids1 barnyard2: Daemon initialized, signaled parent pid: 20379
Aug 20 08:56:46 ids1 barnyard2: PID path stat checked out ok, PID path set to /var/run/
Aug 20 08:56:46 ids1 barnyard2: Writing PID "20382" to file "/var/run//barnyard2_eth0.pid"
Aug 20 08:56:47 ids1 barnyard2: database: inconsistent cid information for sid=11
Aug 20 08:56:47 ids1 barnyard2: Recovering by rolling forward the cid=1
Aug 20 08:56:47 ids1 barnyard2: database: compiled support for (mysql)
Aug 20 08:56:47 ids1 barnyard2: database: configured to use mysql
Aug 20 08:56:47 ids1 barnyard2: database: schema version = 107
Aug 20 08:56:47 ids1 barnyard2: database: host = localhost
Aug 20 08:56:47 ids1 barnyard2: database: user = SnortLogUser
Aug 20 08:56:47 ids1 barnyard2: database: database name = SnortLog
Aug 20 08:56:47 ids1 barnyard2: database: sensor name = ids1:eth0
Aug 20 08:56:47 ids1 barnyard2: database: sensor id = 11
Aug 20 08:56:47 ids1 barnyard2: database: sensor cid = 2
Aug 20 08:56:47 ids1 barnyard2: database: data encoding = hex
Aug 20 08:56:47 ids1 barnyard2: database: detail level = full
Aug 20 08:56:47 ids1 barnyard2: database: ignore_bpf = no
Aug 20 08:56:47 ids1 barnyard2: database: using the "log" facility
Aug 20 08:56:47 ids1 barnyard2:
Aug 20 08:56:47 ids1 barnyard2: --== Initialization Complete ==--
Aug 20 08:56:47 ids1 barnyard2: Barnyard2 initialization completed successfully (pid=20382)
Aug 20 08:56:47 ids1 barnyard2: Using waldo file '/var/log/snort/barnyard2.waldo':#012 spool directory = /var/log/snort#012 spool filebase = snort.unified2#012 time_stamp = 1345395953#012 record_idx = 2
Aug 20 08:56:47 ids1 barnyard2: Opened spool file '/var/log/snort/snort.unified2.1345395953'

Which unified2 output mode did you configure in snort?
Did you install barnyard2 from source or from a package?
What is your barnyard2 configuration and barnyard2 command line?

Cheers,
-elz
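A consumer-side check that helps with the failure Achim describes (barnyard2 dying while it reads the merged spool file): the Python script below is an added example, not code from this thread and not barnyard2's own code. It walks a unified2 spool file record by record using the unified2 record header (network-order type and length) and the field prefix shared by the IDS event record types, counts records per type, and reports the first truncated record with its offset instead of crashing on it. The record type numbers and field layouts are those of Snort's unified2 format as I know them; the function names, the sample event (sensor 11, sid 2100498, 10.0.0.1 to 10.0.0.2) and the spool bytes are constructed here for the example and were not captured from a sensor.

```python
import struct
import sys
from collections import Counter

# Unified2 record type constants (values as defined in Snort's unified2 headers)
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
UNIFIED2_IDS_EVENT_IPV6 = 72
UNIFIED2_IDS_EVENT_V2 = 104
UNIFIED2_IDS_EVENT_IPV6_V2 = 105
UNIFIED2_EXTRA_DATA = 110
EVENT_TYPES = {UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_IPV6,
               UNIFIED2_IDS_EVENT_V2, UNIFIED2_IDS_EVENT_IPV6_V2}

# Every unified2 record starts with a network-byte-order header: type, length.
RECORD_HEADER = struct.Struct("!II")
# All IDS event variants share this prefix: sensor_id, event_id, event_second,
# event_microsecond, signature_id, generator_id.
EVENT_PREFIX = struct.Struct("!IIIIII")


def iter_records(data):
    """Yield (offset, type, payload) for each complete record in a spool buffer.

    Raises ValueError at the first record whose header or body runs past the
    end of the buffer, which is what a partially written or badly merged spool
    file looks like to a consumer such as barnyard2.
    """
    off = 0
    while off < len(data):
        if len(data) - off < RECORD_HEADER.size:
            raise ValueError(f"truncated record header at offset {off}")
        rtype, length = RECORD_HEADER.unpack_from(data, off)
        start = off + RECORD_HEADER.size
        if start + length > len(data):
            raise ValueError(f"truncated record body at offset {off} "
                             f"(type={rtype}, length={length})")
        yield off, rtype, data[start:start + length]
        off = start + length


def summarize(data):
    """Return per-type record counts and (sensor_id, event_id, gid, sid) per event."""
    counts = Counter()
    events = []
    for _off, rtype, payload in iter_records(data):
        counts[rtype] += 1
        if rtype in EVENT_TYPES and len(payload) >= EVENT_PREFIX.size:
            sensor_id, event_id, _sec, _usec, sid, gid = EVENT_PREFIX.unpack_from(payload, 0)
            events.append((sensor_id, event_id, gid, sid))
    return dict(counts), events


def check_spool(data):
    """Return (ok, message); usable as a gate before starting barnyard2 on a spool file."""
    try:
        counts, events = summarize(data)
    except ValueError as exc:
        return False, str(exc)
    return True, f"{sum(counts.values())} records, {len(events)} events"


# --- constructed sample data (not captured from a real sensor) -----------------

def build_record(rtype, payload):
    return RECORD_HEADER.pack(rtype, len(payload)) + payload


def legacy_event(event_id, sid):
    # Unified2IDSEvent (type 7): 11 x u32, 2 x u16, 4 x u8 = 52 bytes
    return struct.pack("!11I2H4B",
                       11, event_id, 1345395953, 0,    # sensor_id, event_id, second, usec
                       sid, 1, 7, 3, 2,                # sid, gid 1, rev 7, class 3, priority 2
                       0x0A000001, 0x0A000002,         # 10.0.0.1 -> 10.0.0.2
                       44444, 80, 6, 0, 0, 0)          # sport, dport, TCP, impact_flag, impact, blocked


def packet_record(event_id):
    # Unified2Packet (type 2): 7 x u32 header followed by the packet bytes
    pkt = b"\x45\x00\x00\x28" + bytes(36)              # 40-byte placeholder IPv4 packet
    hdr = struct.pack("!7I", 11, event_id, 1345395953, 1345395953, 0, 1, len(pkt))
    return hdr + pkt


SAMPLE_SPOOL = (build_record(UNIFIED2_IDS_EVENT, legacy_event(1, 2100498))
                + build_record(UNIFIED2_PACKET, packet_record(1))
                + build_record(UNIFIED2_IDS_EVENT, legacy_event(2, 2100499)))

# The same spool with a final record cut off mid-body, as an interrupted writer would leave it
TRUNCATED_SPOOL = SAMPLE_SPOOL + build_record(UNIFIED2_IDS_EVENT, legacy_event(3, 2100500))[:20]


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SPOOL
    ok, msg = check_spool(data)
    print(("OK: " if ok else "BAD: ") + msg)
    sys.exit(0 if ok else 1)
```

Run it against the spool file barnyard2 opened, e.g. /var/log/snort/snort.unified2.1345395953, before pointing barnyard2 at it; a non-zero exit code with the offset of the bad record tells you whether the file itself is damaged (and where) rather than the database output plugin being at fault.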