Snort mailing list archives
Barnyard2 issue: can't extract timestamp extention from 'snort.u2.1484091351'using base 'snort.u2.1484091351'
From: changliu <cchliu () ucdavis edu>
Date: Tue, 10 Jan 2017 15:46:46 -0800
Hi, all,

I am trying to use barnyard2 in snort output analysis. I am using Barnyard2 2-1.14 and Snort version 2.9.9.0. I followed the instructions here:
https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/090/original/Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1483945110&Signature=Toh9NrUOWchhQFJUtYvsgeZG%2BqU%3D

In the snort.conf, I specified:

    output unified2: filename snort.u2, limit 128

And after running snort, snort.u2.xxxxxxxxxx is generated in /var/log/snort. However, when I am running Barnyard2 to process the events in snort.u2.xxxxxxxxxx, it keeps printing out these error messages:

    WARNING: Can't extract timestamp extension from 'snort.u2.1484091351'using base 'snort.u2.1484091351'

Can somebody shed light on this problem?

Thanks
Chang