Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Barnyard seg faulting

From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 20 Feb 2002 14:01:44 +0100
I'm trying to set up barnyard 0.1.0-beta4 (latest I found on snort.org) and
snort-1.8.4beta1 build 91 on RedHat Linux 7.2, barnyard compiled with mysql
support.

Snort is set up with the following unified output processors:
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

The barnyard configuration looks like this:
processor dp_alert
processor dp_stream_stat
output alert_syslog: LOG_AUTH LOG_ALERT LOG_PID
output alert_acid_db: mysql, sensor_id 9, database snort, server ids01, user
snort, password xxxxx, detail full
# output log_acid_db: mysql, sensor_id 9, database snort, server ids01, user
snort, password xxxxxx, detail full

When running barnyard with

barnyard  -c /etc/snort/barnyard.conf  -d /var/log/snort -g
/etc/snort/gen-msg.map -s /etc/snort/sid-msg.map  -f snort.alert

I get

   --== Initializing Barnyard ==--

-*> Barnyard! <*-
Version 0.1.0-beta4 (Build 5)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
and Andrew R. Baker (andrewb () uab edu)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
Parsing Config file: /etc/snort/barnyard.conf
Args: mysql, sensor_id 9, database snort, server zbghids01, user snort,
password harry, detail full

   --== Initialization Complete ==--

AcidDbOpStart
cid == 4
AcidDbOpStart Complete
Rotating file [read 0 records from /var/log/snort/snort.alert.1014206446]
SQL: INSERT INTO event(sid, cid, signature, timestamp) VALUES('9', '5', '1',
'2002-02-20 12:01:24')
Rotating file [read 1 records from /var/log/snort/snort.alert.1014206482]
Segmentation fault

Any hint is greatly appreciated!

TIA,
Sandro

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: