Snort mailing list archives

Re: Fwd: Re: barnyard2-1.10 major problem


From: "Lawrence R. Hughes, Sr." <lhughes () safemedia com>
Date: Thu, 25 Oct 2012 10:00:41 -0400

Beenph,

barnyard2-1.10 command line:
    /smlog/barnyard2/bin/barnyard2 -eDUqc /smlog/barnyard2/etc/barnyard2.conf --alert-on-each-packet-in-stream --pid-path /smlog/ -l /smlog/logs/barnyard2 -d /smlog/logs -f snort.log -w /smlog/logs/snort.waldo &

snort.conf:
    output unified2: filename snort.log, limit 128

Thanks,
Larry


----- Original Message ----- 
From: "beenph" <beenph () gmail com>
To: "Lawrence R. Hughes, Sr." <lhughes () safemedia com>
Cc: "Jack" <kingofnerds () gmail com>; <barnyard2-users () googlegroups com>; "snort-users" <snort-users () lists sourceforge net>
Sent: Thursday, October 25, 2012 9:48 AM
Subject: Re: [Snort-users] Fwd: Re: barnyard2-1.10 major problem


On Thu, Oct 25, 2012 at 9:40 AM, Lawrence R. Hughes, Sr.
<lhughes () safemedia com> wrote:
Beenph,

As you suggested yesterday to add the following:


"add --alert-on-each-packet-in-stream in your barnyard2 command line
and it will work as expected."

This does not work, I have a unified2 file from snort that has 4 packets
along with the alert, but barnyard2-1.10 is only inserting the first packet
into the snort.data table???


What is the barnyard2 command line you use?

Also what is your unified2 output configuration in snort.conf?



So far we have increased the CACHED_EVENTS_MAX from 512 to 2048 and again
to 4096 (did not help)
added: --alert-on-each-packet-in-stream to barnyard2 command line (did not
help).

What do you suggest now to get barnyard2-1.10 to work as you say it should?
BTW it never worked in barnyard2-1.8 either.

I can't say for 2-1.8.

-elz
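
The thread turns on how many packet records the unified2 file holds for the alert compared with what reaches the snort.data table. The following is an added example, not code from the thread or from the barnyard2 project, that counts event and packet records per event_id in a unified2 file. It assumes the Snort unified2 layout (8-byte big-endian type/length header, event and packet bodies starting with sensor_id and event_id); the sample data is constructed.

```python
import struct
import sys
from collections import Counter

# Record type codes used in Snort unified2 files (assumed from Snort's format).
PACKET = 2
EVENTS = {7, 72, 104, 105}  # IDS event: IPv4, IPv6, and the two "v2" variants

def count_records(data):
    """Return (events, packets): Counters of records keyed by event_id."""
    events, packets = Counter(), Counter()
    off = 0
    while off + 8 <= len(data):
        # Every record starts with an 8-byte big-endian header: type, length.
        rtype, rlen = struct.unpack_from(">II", data, off)
        body = data[off + 8:off + 8 + rlen]
        if len(body) < rlen:
            break  # truncated last record, e.g. snort is still writing it
        if rlen >= 8 and (rtype == PACKET or rtype in EVENTS):
            # Event and packet bodies both begin with sensor_id, event_id.
            _sensor_id, event_id = struct.unpack_from(">II", body)
            (packets if rtype == PACKET else events)[event_id] += 1
        off += 8 + rlen
    return events, packets

def _record(rtype, body):
    return struct.pack(">II", rtype, len(body)) + body

def constructed_sample():
    """Constructed data: one IPv4 event (id 1) followed by four packets."""
    event = _record(7, struct.pack(">II", 1, 1) + bytes(44))
    packet_body = struct.pack(">7I", 1, 1, 0, 0, 0, 1, 4) + bytes(4)
    return event + _record(PACKET, packet_body) * 4

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = constructed_sample()
    events, packets = count_records(data)
    for event_id in sorted(events):
        print(f"event {event_id}: {packets[event_id]} packet record(s)")
```

Run it with the path of a unified2 file as the only argument; the per-event packet counts can then be compared with the rows present in the database for the same event.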


